An even funnier way to disable windows defender. (through WSC api)

A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases…

Reverse Engineering: Decompiling Binary Code with Large Language Models

CVE-2024-30090 - LPE PoC

TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.

Kernel mode WinDbg extension and PoCs for token privilege investigation.

《机器翻译：基础与模型》肖桐 朱靖波 著 - Machine Translation: Foundations and Models

Native API header files for the System Informer project.

Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths

Unorthodox and stealthy way to inject a DLL into the explorer using icons

Official implementation of AsmDepictor, "A Transformer-based Function Symbol Name Inference Model from an Assembly Language for Binary Reversing", In the 18th ACM Asia Conference on Computer and Co…

Exploit targeting NT kernel in 24H2 Windows Insider Preview

Admin to Kernel code execution using the KSecDD driver

Tools and Techniques for Blue Team / Incident Response

Github repo with tutorials to fine tune transformers for diff NLP tasks

The nanoGPT-style implementation of RWKV Language Model - an RNN with GPT-level LLM performance.

An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer

Tutorials on implementing a few sequence-to-sequence (seq2seq) models with PyTorch and TorchText.

The Definitive Guide To Process Cloning on Windows

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit