Reversing EasyAntiCheat.

Ghidra is a software reverse engineering (SRE) framework

windows kernel security development

Using Driver Global Injection dll, it can hide DLL modules

Driver that uses network sockets to communicate with client and read/ write protected process memory.

Access Log Plugin for Typecho

Turn off PatchGuard in real time for win7 (7600) ~ win10 (17763).

TLA+ specification for the Raft consensus algorithm

参照着OLLVM写的一个混淆库,只要机器上有装LLVM，就可以直接编译拿来用

pseudo-code to show how to disable patchguard with win10

A hypervisor hiding user-mode memory using EPT

An usermode BE Rootkit Bypass

A small C like scripting language with a few small novel features.

Monitoring and controlling kernel API calls with stealth hook using EPT

A Tool for Automatic Analysis of Malware Behavior

KCP - A Fast and Reliable ARQ Protocol

乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops

Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code.

增强Chrome的工具

Source code and binaries of FlexiSpy from the Flexidie dump

RAT-via-Telegram

Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg

Decrypted content of eqgrp-auction-file.tar.xz

Learning Python Interaction With Windows

I havent found a reasonable version of the BlackHole exploit kit without the ionCube annoyances; so here is a fix for that problem :) Please keep in mind that these files have been decoded and sha…

BlackNurse attack PoC