著作《Windows APT Warfare:惡意程式前線戰術指南》各章節技術實作之原始碼內容

Overview

Windows-APT-Warfare

drawing

《Windows APT Warfare:惡意程式前線戰術指南》

這是一本看了一行 C 程式碼就有能力在腦裡計算完動靜態記憶體分佈、並在白板上手寫出可執行程式十六進位的內容的基礎書。 整本書精煉了逆向工程、編譯器、與系統實務原理三個領域而成的 Windows 資安攻擊實務研究,以紅隊視角從逆向工程角度解釋近年來各國國家級網軍曾使用過的攻擊技巧、並打下扎實的 PE 攻擊手法基礎。內容涵蓋了程式蠕蟲感染、Shellcode 開發、加殼、惡意提權、路徑解析奇技淫巧、數位簽章偽造 等惡意程式與遊戲外掛所採用過的攻擊技術。

本開源專案為書中各章節技術實作之完整原始碼,請參閱 source目錄 閱讀更多。

書籍資訊

You might also like...
Some extensions for windows explorer, tested on windows 10+

WindowsExplorerExtension Extensions for windows explorer, tested on windows 10 & windows 11. New Folder Extension What's This A Gnome nautilus inspire

Defender-control - An open-source windows defender manager. Now you can disable windows defender permanently.
Defender-control - An open-source windows defender manager. Now you can disable windows defender permanently.

Defender Control Open source windows defender disabler. Now you can disable windows defender permanently! Tested from Windows 10 20H2. Also working on

A small self-contained alternative to readline and libedit that supports UTF-8 and Windows and is BSD licensed.

Linenoise Next Generation A small, portable GNU readline replacement for Linux, Windows and MacOS which is capable of handling UTF-8 characters. Unlik

A readline and libedit replacement that supports UTF-8, syntax highlighting, hints and Windows and is BSD licensed.
A readline and libedit replacement that supports UTF-8, syntax highlighting, hints and Windows and is BSD licensed.

Read Evaluate Print Loop ++ A small, portable GNU readline replacement for Linux, Windows and MacOS which is capable of handling UTF-8 characters. Unl

The Hoard Memory Allocator: A Fast, Scalable, and Memory-efficient Malloc for Linux, Windows, and Mac.

The Hoard Memory Allocator Copyright (C) 1998-2020 by Emery Berger The Hoard memory allocator is a fast, scalable, and memory-efficient memory allocat

A cross-platform multimedia framework based on Qt and FFmpeg(https://github.com/wang-bin/avbuild). High performance. User & developer friendly. Supports Android, iOS, Windows store and desktops. 基于Qt和FFmpeg的跨平台高性能音视频播放框架 Drogon: A C++14/17 based HTTP web application framework running on Linux/macOS/Unix/Windows
Drogon: A C++14/17 based HTTP web application framework running on Linux/macOS/Unix/Windows

English | 简体中文 | 繁體中文 Overview Drogon is a C++14/17-based HTTP application framework. Drogon can be used to easily build various types of web applicat

C++ Library Manager for Windows, Linux, and MacOS

Vcpkg: Overview 中文总览 Español 한국어 Français Vcpkg helps you manage C and C++ libraries on Windows, Linux and MacOS. This tool and ecosystem are constant

the checkra1n set of tools targeting bare metal, Linux and Windows

Universal toolchain Low-effort cross-compiling for the masses. What's Universal toolchain? It's a collection of sysroots and shell scripts in such a w

Double weave on high latency add-on for Final Fantasy XIV for  Windows PC.
Double weave on high latency add-on for Final Fantasy XIV for Windows PC.

XivAlexander Connection Image Korea to NA DC VPN only Korea to NA DC XivAlexander enabled Korea to Korean DC Direct connection Use XivMitmLatencyMitig

UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red Teams malware

UnhookMe - Dynamically unhooking imports resolver In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their e

Play Doh Windows ACL Tools

PDAcl 是一个支持Windows活动目录扩展权限设置、Windows活动目录常规权限设置、Windows服务权限设置的命令工具。

This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!
This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!

BSOD Survivor Tired of always telling yourself when you got a BSOD that what if I could just return to the caller function which caused the BSOD, and

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

Perfusion On Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012, the registry key of the RpcEptMapper and DnsCache (7/2008R2 only) s

OC EFI Generator for Windows, Coded in C#
OC EFI Generator for Windows, Coded in C#

Opencore EFI Generator for Windows THIS APP IS NOT READY YET, NO FUNCTIONS OR ANYTHING IS ADDED A Utility to create EFI Folder for Opencore bootloader

This repo contains Direct3D 9, Direct3D 10, a few Direct3D 11, and DirectSound C++ samples from the legacy DirectX SDK updated to build using the Windows 10 SDK and the Microsoft.DXSDK.D3DX NuGet package

DirectX SDK Legacy Samples This repo contains Direct3D 9, Direct3D 10, a few Direct3D 11, and DirectSound samples that originally shipped in the legac

Native ApprovalTests for C++ on Linux, Mac and Windows

Approval Tests for C++ ⬇️ Download the latest version (v.10.8.0) of the single header file here. 📖 Read the Docs Contents What are Approval Tests? Re

Drogon: A C++14/17 based HTTP web application framework running on Linux/macOS/Unix/Windows
Drogon: A C++14/17 based HTTP web application framework running on Linux/macOS/Unix/Windows

English | 简体中文 | 繁體中文 Overview Drogon is a C++14/17-based HTTP application framework. Drogon can be used to easily build various types of web applicat

Owner
Sheng-Hao Ma
30cm.tw/me
Sheng-Hao Ma
Feature-rich C99 library for memory scanning purposes, designed for Windows running machines, meant to work on both 32-bit and 64-bit portable executables. Has a modern C++ wrapper.

memscan Feature-rich C99 library for memory scanning purposes, designed for Windows running machines, meant to work on both 32-bit and 64-bit portable

cristei 15 Oct 2, 2022
C++98 library that encapsulates memory-mapped-files for POSIX or Windows

Memory-Mapped File C++ Library Tutorial and Reference Purpose This is a library, for the C++98 language and its successive versions, to handle files a

Carlo Milanesi 84 Dec 28, 2022
Bobby Cooke 328 Dec 25, 2022
An HTTPS beaconing Windows implant and multi-layered proxy C2 network designed for covert APT emulation focused offensive operations

WARFOX is a software-based HTTPS beaconing Windows implant that uses a multi-layered proxy network for C2 communications. This kit was designed to emulate covert APT offensive operations. This kit includes WARFOX (Windows implant), HIGHTOWER (Listening Post), and other tools to build configs and set up a proxy network.

null 85 Nov 25, 2022
A simple wrapper for 'pacman' with a syntax similar to 'apt' to help people transitioning to Arch and Arch based distributions like Manjaro.

aptpac aptpac is a program which helps with the transition to Arch Linux and Arch based distros like Manjaro. It simplifies using pacman as it works l

Itai Nelken 18 Dec 4, 2022
Implements a Windows service (in a DLL) that removes the rounded corners for windows in Windows 11

ep_dwm Implements a Windows service that removes the rounded corners for windows in Windows 11. Tested on Windows 11 build 22000.434. Pre-compiled bin

Valentin-Gabriel Radu 24 Dec 29, 2022
Windows Calculator: A simple yet powerful calculator that ships with Windows

The Windows Calculator app is a modern Windows app written in C++ that ships pre-installed with Windows. The app provides standard, scientific, and programmer calculator functionality, as well as a set of converters between various units of measurement and currencies.

Microsoft 26.5k Jan 9, 2023
The new Windows Terminal and the original Windows console host, all in the same place!

The new Windows Terminal and the original Windows console host, all in the same place!

Microsoft 86.8k Dec 29, 2022
Windows 2000 styled installer for Panther based distributions of Microsoft Windows (WIM files).

An advanced installer for Microsoft Windows that mimics the looks of the Windows XP and older installers. Takes any modern (Vista and newer) Windows ISO or WIM file and creates a old styled Windows Setup experience on the go.

null 5 Dec 17, 2022
Windows kernel information leakage POCs on Windows 10 RS1+

This repository covers various techniques and methods I write while conducting research into infoleaks, these are for leaking various Windows kernel a

null 2 Dec 18, 2022