The official NGINX Open Source repository.

A little tool to play with Windows security

The pattern matching swiss knife

windows-kernel-exploits Windows平台提权漏洞集合

FreeRTOS kernel files only, submoduled into https://github.com/FreeRTOS/FreeRTOS and various other repos.

Using Zygisk to dump il2cpp data at runtime

Kernel Driver Utility

🔥 ByteHook is an Android PLT hook library which supports armeabi-v7a, arm64-v8a, x86 and x86_64.

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

🔥 ShadowHook is an Android inline hook library which supports thumb, arm32 and arm64.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

Open-Source Shellcode & PE Packer

Red-Team LKM

Dump various types of Windows credentials without injecting in any process.

Process Injection using Thread Name

Cybersecurity research results. Simple C/C++ and Python implementations

Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.

Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread

通杀检测基于白文件patch黑代码的免杀技术的后门

about how to make a anti-virus engine

Matryoshka - stacked LKM loader

Universal Linux LKM rootkit, designed to work in any kernel version and both architectures (i686 and x86_64).

Stealthy DLL injector using thread hijacking and remote gadgets — no OpenProcess or CreateRemoteThread.

研究笔记/Research Report

Kernel module that allows hiding files in any filesystem

Windows、Linux持久化套件/Windows, Linux persistence suite

Windows process injection methods