Stars
A little tool to play with Windows security
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
windows-kernel-exploits: a collection of privilege escalation vulnerabilities for the Windows platform
FreeRTOS kernel files only, submoduled into https://github.com/FreeRTOS/FreeRTOS and various other repos.
Using Zygisk to dump il2cpp data at runtime
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Dump various types of Windows credentials without injecting in any process.
Cybersecurity research results. Simple C/C++ and Python implementations
Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.
Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
Universal Linux LKM rootkit, designed to work in any kernel version and both architectures (i686 and x86_64).
Stealthy DLL injector using thread hijacking and remote gadgets — no OpenProcess or CreateRemoteThread.