KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kerne…

一些frida脚本

asynchronous examples for openssl using poll/epoll

拼多多apk内嵌提权代码，及动态下发dex分析

C++那些事

A Highly capable Pe Packer

It's a minifilter used for transparent-encrypting.

Walking the callstack in windows applications

A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

A collection of gdb tips. 100 maybe just mean many here.

Collection of malware source code for a variety of platforms in an array of different programming languages.

Simple native jvm class dumper written in C by hook ClassLoader

《黑客免杀攻防》一书中的C++壳

Tools and PoCs for Windows syscall investigation.

A tool to parse and load module in memory, as well as attach a DLL in EXE. Most of the functions are inline, so that it can also be used in shellcode.

nopowershell

Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.

iMonitor（冰镜 - 终端行为分析系统）

A curated list of awesome resources related to executable packing

Wechat Chat History Exporter 微信聊天记录导出程序

🔥Open source RASP solution

An easy-to-use library for emulating code in minidump files.

Some random system tools for Windows

[.NET] m3u8 downloader 开源的命令行m3u8/HLS/dash下载器，支持普通AES-128-CBC解密，多线程，自定义请求头等. 支持简体中文,繁体中文和英文. English Supported.