這是一本看了一行 C 程式碼就有能力在腦裡計算完動靜態記憶體分佈、並在白板上手寫出可執行程式十六進位的內容的基礎書。 整本書精煉了逆向工程、編譯器、與系統實務原理三個領域而成的 Windows 資安攻擊實務研究,以紅隊視角從逆向工程角度解釋近年來各國國家級網軍曾使用過的攻擊技巧、並打下扎實的 PE 攻擊手法基礎。內容涵蓋了程式蠕蟲感染、Shellcode 開發、加殼、惡意提權、路徑解析奇技淫巧、數位簽章偽造 等惡意程式與遊戲外掛所採用過的攻擊技術。
本開源專案為書中各章節技術實作之完整原始碼,請參閱 source目錄 閱讀更多。
WindowsExplorerExtension Extensions for windows explorer, tested on windows 10 & windows 11. New Folder Extension What's This A Gnome nautilus inspire
Defender Control Open source windows defender disabler. Now you can disable windows defender permanently! Tested from Windows 10 20H2. Also working on
Linenoise Next Generation A small, portable GNU readline replacement for Linux, Windows and MacOS which is capable of handling UTF-8 characters. Unlik
Read Evaluate Print Loop ++ A small, portable GNU readline replacement for Linux, Windows and MacOS which is capable of handling UTF-8 characters. Unl
G3log : Asynchronous logger with Dynamic Sinks EXAMPLE Project with g3log An example project integration of g3log, both statially and dynamically buil
The Hoard Memory Allocator Copyright (C) 1998-2020 by Emery Berger The Hoard memory allocator is a fast, scalable, and memory-efficient memory allocat
QtAV QtAV is a multimedia playback library based on Qt and FFmpeg. It can help you to write a player with less effort than ever before. QtAV has been
English | 简体中文 | 繁體中文 Overview Drogon is a C++14/17-based HTTP application framework. Drogon can be used to easily build various types of web applicat
Vcpkg: Overview 中文总览 Español 한국어 Français Vcpkg helps you manage C and C++ libraries on Windows, Linux and MacOS. This tool and ecosystem are constant
Universal toolchain Low-effort cross-compiling for the masses. What's Universal toolchain? It's a collection of sysroots and shell scripts in such a w
XivAlexander Connection Image Korea to NA DC VPN only Korea to NA DC XivAlexander enabled Korea to Korean DC Direct connection Use XivMitmLatencyMitig
UnhookMe - Dynamically unhooking imports resolver In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their e
PDAcl 是一个支持Windows活动目录扩展权限设置、Windows活动目录常规权限设置、Windows服务权限设置的命令工具。
BSOD Survivor Tired of always telling yourself when you got a BSOD that what if I could just return to the caller function which caused the BSOD, and
Perfusion On Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012, the registry key of the RpcEptMapper and DnsCache (7/2008R2 only) s
Opencore EFI Generator for Windows THIS APP IS NOT READY YET, NO FUNCTIONS OR ANYTHING IS ADDED A Utility to create EFI Folder for Opencore bootloader
DirectX SDK Legacy Samples This repo contains Direct3D 9, Direct3D 10, a few Direct3D 11, and DirectSound samples that originally shipped in the legac
Approval Tests for C++ ⬇️ Download the latest version (v.10.8.0) of the single header file here. 📖 Read the Docs Contents What are Approval Tests? Re
English | 简体中文 | 繁體中文 Overview Drogon is a C++14/17-based HTTP application framework. Drogon can be used to easily build various types of web applicat
memscan Feature-rich C99 library for memory scanning purposes, designed for Windows running machines, meant to work on both 32-bit and 64-bit portable
Memory-Mapped File C++ Library Tutorial and Reference Purpose This is a library, for the C++98 language and its successive versions, to handle files a
Azure Outlook C2 Azure Outlook Command & Control that uses Microsoft Graph API for C2 communications & data exfiltration. Remotely Control a compromis
WARFOX is a software-based HTTPS beaconing Windows implant that uses a multi-layered proxy network for C2 communications. This kit was designed to emulate covert APT offensive operations. This kit includes WARFOX (Windows implant), HIGHTOWER (Listening Post), and other tools to build configs and set up a proxy network.
aptpac aptpac is a program which helps with the transition to Arch Linux and Arch based distros like Manjaro. It simplifies using pacman as it works l
ep_dwm Implements a Windows service that removes the rounded corners for windows in Windows 11. Tested on Windows 11 build 22000.434. Pre-compiled bin
The Windows Calculator app is a modern Windows app written in C++ that ships pre-installed with Windows. The app provides standard, scientific, and programmer calculator functionality, as well as a set of converters between various units of measurement and currencies.
The new Windows Terminal and the original Windows console host, all in the same place!
An advanced installer for Microsoft Windows that mimics the looks of the Windows XP and older installers. Takes any modern (Vista and newer) Windows ISO or WIM file and creates a old styled Windows Setup experience on the go.
This repository covers various techniques and methods I write while conducting research into infoleaks, these are for leaking various Windows kernel a
4 Jan 13, 2022
583 Dec 28, 2022
340 Dec 6, 2022
604 Jan 6, 2023
802 Dec 23, 2022
927 Jan 2, 2023
3.4k Dec 27, 2022
8.5k Dec 31, 2022
17.5k Jan 1, 2023
67 Jan 5, 2023
525 Jan 1, 2023
304 Jan 2, 2023
61 Oct 30, 2022
159 Dec 21, 2022
397 Jan 3, 2023
33 Nov 2, 2022
44 Jan 2, 2023
268 Dec 25, 2022
15 Oct 2, 2022
84 Dec 28, 2022
328 Dec 25, 2022
85 Nov 25, 2022
18 Dec 4, 2022
24 Dec 29, 2022
26.5k Jan 9, 2023
5 Dec 17, 2022