Starred repositories
This application allows you to put various limits on Windows processes.
TheWover / Koppeling (forked from monoxgas/Koppeling): Adaptive DLL hijacking / dynamic export forwarding
Enumerate and disable common sources of telemetry used by AV/EDR.
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
These are highly unstable, buggy, incomplete plugins that are not included with Process Hacker by default.
OBS Studio - Free and open source software for live streaming and screen recording
The C++ Core Guidelines are a set of tried-and-true guidelines, rules, and best practices about coding in C++
ETW hook (syscall / InfinityHook-style) compatible with PatchGuard (PG) on the latest Windows versions
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
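Added example, not code from Pafish: the two CPUID checks that Pafish and many malware families run to spot a hypervisor, the "hypervisor present" bit in leaf 1 and the vendor signature in leaf 0x40000000. It assumes GCC or Clang on x86/x86-64 (for the `<cpuid.h>` intrinsics); on any other architecture the functions report CPUID as unavailable rather than guess. The vendor table is a small constructed list of well-known signatures, not Pafish's.

```c
/* Added example, not code from Pafish: CPUID-based hypervisor checks of the
 * kind Pafish runs. Requires GCC/Clang on x86 or x86-64 for <cpuid.h>;
 * elsewhere the functions report CPUID as unavailable instead of guessing. */
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* Check 1: CPUID leaf 1, ECX bit 31 is the "hypervisor present" flag.
 * Returns 1 if set, 0 if clear, -1 if CPUID is unavailable. */
int hypervisor_bit_set(void)
{
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;              /* leaf 1 unsupported: practically never */
    return (int)((ecx >> 31) & 1u);
#else
    return -1;
#endif
}

/* Check 2: CPUID leaf 0x40000000 returns a 12-byte vendor signature in
 * EBX:ECX:EDX on most hypervisors (e.g. "VMwareVMware", "Microsoft Hv",
 * "KVMKVMKVM"). On bare metal the leaf is out of range and echoes the
 * highest basic leaf, so the string only means something when check 1
 * also fires. Writes a NUL-terminated string into buf (13 bytes).
 * Returns 0 on success, -1 if CPUID is unavailable. */
int hypervisor_vendor(char buf[13])
{
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    /* __get_cpuid() refuses leaves above the max basic leaf, so use __cpuid() */
    __cpuid(0x40000000, eax, ebx, ecx, edx);
    memcpy(buf + 0, &ebx, 4);
    memcpy(buf + 4, &ecx, 4);
    memcpy(buf + 8, &edx, 4);
    buf[12] = '\0';
    return 0;
#else
    buf[0] = '\0';
    return -1;
#endif
}

/* Map a raw signature to a product name (constructed table of well-known
 * values). Unknown signatures map to "unknown". */
const char *vendor_name(const char *sig)
{
    static const struct { const char *sig; const char *name; } known[] = {
        { "VMwareVMware", "VMware" },
        { "Microsoft Hv", "Hyper-V" },   /* also VirtualBox with Hyper-V paravirt */
        { "KVMKVMKVM",    "KVM" },
        { "VBoxVBoxVBox", "VirtualBox" },
        { "XenVMMXenVMM", "Xen" },
    };
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strncmp(sig, known[i].sig, strlen(known[i].sig)) == 0)
            return known[i].name;
    return "unknown";
}

int main(void)
{
    char sig[13];
    int bit = hypervisor_bit_set();
    if (bit < 0) {
        puts("CPUID unavailable on this architecture");
        return 0;
    }
    hypervisor_vendor(sig);
    printf("hypervisor bit: %d\n", bit);
    if (bit)
        printf("vendor signature: \"%s\" (%s)\n", sig, vendor_name(sig));
    return 0;
}
```

These two checks are cheap and hard to hide from a guest, which is why sandbox operators often mask them; Pafish pairs them with timing, registry, driver and MAC-prefix checks, none of which this example reproduces.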
Crinkler is an executable file compressor (or rather, a compressing linker) for compressing small 32-bit Windows demoscene executables. As of 2020, it is the most widely used tool for compressing 1…
PDB Downloader - An easier way to download Microsoft's public symbols for Libraries and Executables.
Some ready-to-use gadgets for working with Windows processes :)
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess)
Generic PE loader for fast prototyping evasion techniques
Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
A new type of malicious program that uses no Windows APIs: research on a stealthy, stable attack technique that exploits a stack overflow in a program carrying its own deliberate defect
Portable Executable reversing tool with a friendly GUI
Bypass userland EDR hooks by loading a reflective ntdll into memory from a remote server, selected by Windows ReleaseID, so that no handle to the on-disk ntdll is opened, then call the exported APIs from its export table
An extensible framework for easily writing compiler-optimized position-independent x86 / x64 shellcode for Windows platforms.
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
Alternative Shellcode Execution Via Callbacks
Bypasses Kaspersky's proactive defense, loads a driver, and unhooks all SSDT and Shadow SSDT hooks
Sysark, short for system anti-rootkit, is a tool I wrote while learning kernel development (2013 code; it will not be updated further). Almost all of its functionality is implemented in the kernel. Only the anti-rootkit part is implemented here; as a tool I consider it incomplete, but it may be useful for learning or for anyone who needs it. It currently targets XP SP2; for other system versions or BSOD issues, adjust it yourself. Currently implemented: processes/threads/modules, driver modules, SSDT, …