Repositories Users Organizations
Filter
Sort
admin/ WaryasSWHE
C++ 0 0
Updated 2025-11-26 18:53:29 +08:00
admin/ mash_hypervisor
C++ 0 0
mash hypervisor host pml4
hypervisor
Updated 2025-11-24 15:47:24 +08:00
admin/ APT_Step_Bear_Inject
C++ 0 0
复现《EDR的梦魇:Storm-0978使用新型内核注入技术“Step Bear”》
Updated 2025-11-24 15:46:51 +08:00
admin/ DuckMemoryScan
C++ 0 0
检测绝大部分所谓的内存免杀马
Updated 2025-11-24 15:46:28 +08:00
admin/ csgo2_tiny_server_plugin_system
C++ 0 0
a server plugin system for cs2 server,power by lua
cs2 csgo csgo-server csgo2
Updated 2025-11-24 15:46:13 +08:00
admin/ traffic-duck
C++ 0 0
traffic duck
Updated 2025-11-24 15:45:30 +08:00
admin/ cpu_duck
C++ 0 0
关于intel和amd指令行为不一样这件事
Updated 2025-11-24 15:45:10 +08:00
admin/ Etw-Syscall
C++ 0 0
https://key08.com/index.php/2021/10/19/1375.html
Updated 2025-11-24 15:44:55 +08:00
admin/ PresentHookDetection
C++ 0 0
Updated 2025-11-24 15:44:31 +08:00
admin/ CobaltStrikeDetected
C++ 0 0
40行代码检测到大部分CobaltStrike的shellcode
Updated 2025-11-24 15:43:28 +08:00
admin/ DuckSandboxDetect
C++ 0 0
沙箱测试,测评国内常见沙箱的代码与结论
Updated 2025-11-24 15:43:11 +08:00
admin/ CowInjecter
C++ 0 0
滥用cow机制进行全局注入
Updated 2025-11-24 15:42:32 +08:00
admin/ efi-memory
C++ 0 0
PoC EFI runtime driver for memory r/w & kdmapper fork
Updated 2025-11-24 15:41:25 +08:00
admin/ pdfwkrnl-exploit
C++ 0 0
abusing signed pdfwkrnl.sys for kernel function calling from usermode.
dkom exploit kernel kernel-exploit pdfwkrnl vulnerable-driver
Updated 2025-11-24 15:40:28 +08:00
admin/ driverMapper
C++ 0 0
An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE & PG to map the unsigned driver.
Updated 2025-11-24 15:40:09 +08:00
admin/ sleep_duck_eye
C++ 0 0
Stack integrity verification to Detect SleepMask or CallStack Spoofer
Updated 2025-11-24 15:39:44 +08:00
admin/ kvc
C++ 0 0
KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch/skci.dll hijack) and PP/PPL manipulation for LSASS memory dumping on modern Windows with HVCI/VBS.
bypass-dse-load-unsigned-driver-windows11 disable-windows-defender-tamper-protection driver-signature-enforcement-bypass-hvci-windows dump-lsass-memory-protected-process-light kernel-driver-stealth-loading protected-process-light-ppl-wintcb-bypass secureboot-disable-unsigned-driver-load unprotect-process-ppl-wintcb windows-watermark-removal-tool
Updated 2025-11-24 09:38:16 +08:00
admin/ SimpleRemoter
C++ 0 0
A remote control program based on Gh0st: 实现了终端管理、进程管理、窗口管理、远程桌面、文件管理、语音管理、视频管理、服务管理、注册表管理等功能,优化全部代码及整理排版,修复内存泄漏缺陷,程序运行稳定。项目代码仅限于学习和交流用途。
management-system monitoring-tool remote remote-control remote-work
Updated 2025-11-24 09:38:02 +08:00
admin/ pe-packer
C++ 0 0
X86 Packer with Portable Executable compatibility.
Updated 2025-11-24 09:37:34 +08:00
admin/ Ryujin
C++ 0 0
Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool
bin2bin code malware-analysis obfuscator pe protector reverse-engineering virtualization windows
Updated 2025-11-24 09:35:25 +08:00