Stars
Minimalistic HTTP(S) client for the NT kernel
I will be posting most of my learning on Windows low-level detection engineering (malware analysis and Windows internals) from TrainSec Academy and other resources.
Ryūjin Protector - an Intel-architecture, binary-to-binary (BIN2BIN) PE obfuscation/protection/DRM tool
Bypass user-land hooks by syscall tampering via the Trap Flag
Dumping App Bound Protected Credentials & Cookies Without Privileges.
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
Extensible Position Independent Code – shellcode (C/C++) development and building toolkit designed for developer experience, predictability, and modularity.
SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.
A loader that runs a program with Protected Process Light (PPL) protection.
xoreaxeaxeax / REpsych (forked from Battelle/REpsych) - Psychological warfare in reverse engineering
A project for allowing EDK-II Development with Visual Studio
Morpheus is an LSASS stealer that dumps lsass.exe from RAM and exfiltrates it via forged, encrypted NTP packets. For authorized testing only!
Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
Android reverse-engineering tool / smali editor
Shellcode capable of bypassing EAF / IAF mitigations
Reverse engineering of the Windows NT kernel debugger protocol and a reimplementation of it.
A powerful, modular, lightweight and efficient command & control framework written in Nim.
Injecting DLL into LSASS at boot
C++ self-injecting dropper based on various EDR evasion techniques.
Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussions/15
PoC of a better implementation of GetProcAddress for ntdll using binary search
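The binary-search idea behind that last entry works because the PE export name pointer table (`AddressOfNames`) is required to be sorted in ascending byte order, so an export can be located in O(log n) string compares instead of a linear scan. The block below is an added illustration written for this list, not code from the linked repository: it mirrors the `IMAGE_EXPORT_DIRECTORY` layout from winnt.h so it builds without Windows headers, constructs a small fake image in memory with a deliberately scrambled name-to-ordinal mapping, and resolves names by binary search. The export names and RVAs in the sample are made up; the sortedness check is the caveat a practitioner should keep, since a repacked or tampered module may violate the ordering and silently break the search.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal mirror of IMAGE_EXPORT_DIRECTORY (winnt.h); layout assumed, not taken from the repo. */
typedef struct {
    uint32_t Characteristics;
    uint32_t TimeDateStamp;
    uint16_t MajorVersion;
    uint16_t MinorVersion;
    uint32_t Name;
    uint32_t Base;
    uint32_t NumberOfFunctions;
    uint32_t NumberOfNames;
    uint32_t AddressOfFunctions;    /* RVA of uint32_t[NumberOfFunctions]: function RVAs, indexed by unbiased ordinal */
    uint32_t AddressOfNames;        /* RVA of uint32_t[NumberOfNames]: RVAs of ASCIIZ names, sorted ascending */
    uint32_t AddressOfNameOrdinals; /* RVA of uint16_t[NumberOfNames]: index into AddressOfFunctions for each name */
} export_directory_t;

/* Binary search over the sorted name table; returns the function RVA or 0 when absent.
   A real implementation would also detect forwarder RVAs (inside the export directory range). */
uint32_t export_lookup_bsearch(const uint8_t *base, const export_directory_t *dir, const char *name)
{
    const uint32_t *names = (const uint32_t *)(base + dir->AddressOfNames);
    const uint16_t *ords  = (const uint16_t *)(base + dir->AddressOfNameOrdinals);
    const uint32_t *funcs = (const uint32_t *)(base + dir->AddressOfFunctions);
    int32_t lo = 0, hi = (int32_t)dir->NumberOfNames - 1;
    while (lo <= hi) {
        int32_t mid = lo + (hi - lo) / 2;
        int cmp = strcmp(name, (const char *)(base + names[mid]));
        if (cmp == 0) {
            uint16_t ord = ords[mid];                 /* ordinal indirection: name index != function index */
            if (ord >= dir->NumberOfFunctions) return 0;
            return funcs[ord];
        }
        if (cmp < 0) hi = mid - 1; else lo = mid + 1;
    }
    return 0;
}

/* Sanity check the precondition the search relies on: names strictly ascending by strcmp. */
int export_names_sorted(const uint8_t *base, const export_directory_t *dir)
{
    const uint32_t *names = (const uint32_t *)(base + dir->AddressOfNames);
    for (uint32_t i = 1; i < dir->NumberOfNames; i++)
        if (strcmp((const char *)(base + names[i - 1]), (const char *)(base + names[i])) >= 0) return 0;
    return 1;
}

/* Constructed sample image (hypothetical names and RVAs); export directory placed at a fixed RVA. */
#define IMG_SIZE       4096
#define EXPORT_DIR_RVA 0x100
enum { N_EXPORTS = 5 };
static const char *const sample_names[N_EXPORTS] = {
    "NtAllocateVirtualMemory", "NtClose", "NtCreateFile", "NtOpenProcess", "NtWriteVirtualMemory" };
static const uint32_t sample_rvas[N_EXPORTS] = { 0x1000, 0x1100, 0x1200, 0x1300, 0x1400 };

uint8_t *build_fake_image(void)
{
    uint8_t *img = calloc(IMG_SIZE, 1);
    export_directory_t *dir = (export_directory_t *)(img + EXPORT_DIR_RVA);
    uint32_t funcs_rva = EXPORT_DIR_RVA + (uint32_t)sizeof(export_directory_t);
    uint32_t names_rva = funcs_rva + N_EXPORTS * 4;
    uint32_t ords_rva  = names_rva + N_EXPORTS * 4;
    uint32_t str_rva   = ords_rva + N_EXPORTS * 2;
    uint32_t *funcs = (uint32_t *)(img + funcs_rva);
    uint32_t *names = (uint32_t *)(img + names_rva);
    uint16_t *ords  = (uint16_t *)(img + ords_rva);
    dir->Base = 1;
    dir->NumberOfFunctions = dir->NumberOfNames = N_EXPORTS;
    dir->AddressOfFunctions = funcs_rva;
    dir->AddressOfNames = names_rva;
    dir->AddressOfNameOrdinals = ords_rva;
    for (int i = 0; i < N_EXPORTS; i++) {
        ords[i] = (uint16_t)(N_EXPORTS - 1 - i);  /* scramble: name i maps to function slot N-1-i */
        funcs[ords[i]] = sample_rvas[i];
        names[i] = str_rva;
        strcpy((char *)(img + str_rva), sample_names[i]);
        str_rva += (uint32_t)strlen(sample_names[i]) + 1;
    }
    return img;
}

/* Convenience wrappers so the sample can be exercised without managing the buffer. */
uint32_t sample_lookup(const char *name)
{
    uint8_t *img = build_fake_image();
    uint32_t rva = export_lookup_bsearch(img, (const export_directory_t *)(img + EXPORT_DIR_RVA), name);
    free(img);
    return rva;
}

int sample_is_sorted(void)
{
    uint8_t *img = build_fake_image();
    int ok = export_names_sorted(img, (const export_directory_t *)(img + EXPORT_DIR_RVA));
    free(img);
    return ok;
}

int main(void)
{
    printf("sorted=%d NtClose=0x%x NtFoo=0x%x\n", sample_is_sorted(),
           sample_lookup("NtClose"), sample_lookup("NtFoo"));
    return 0;
}
```

Against a real ntdll the same routine would take the module base from the PEB loader list and the export directory RVA from the optional header's data directory; the scrambled ordinal table in the sample is there to show why the result must go through `AddressOfNameOrdinals` rather than reusing the name index.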