ntoskrnl 最近的时间轴更新

antispy AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its assistance,you can easily spot and neutralize malwares hidden from normal detectors.

findpg Windbg extension to find PatchGuard pages

IRPMon The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracker but has several enhancements. It supports 64-bit versions of Windows (no inline hooks are used, only moodifications to driver object structures are performed) and monitors IRP, FastIo, AddDevice, DriverUnload and StartIo requests.

lcxl-shadow LCXL影子系统

miwifi Kernel, Toolchain ... of Xiaomi Router R1D

mona Corelan Repository for mona.py

NtosKrnlWin.github.io Jekyll Theme

PyAna PyAna - Analyzing the Windows shellcode

PythonForWindows A codebase aimed to make interaction with Windows and native execution easier

SwishDbgExt Incident Response & Digital Forensics Debugging Extension

Sysmon_reverse

test

ufgraph

unitracer Windows API tracer for malware

UPGDSED Universal PatchGuard and Driver Signature Enforcement Disable

vmdetector Automatically exported from code.google.com/p/vmdetector

vmdetectorsys Automatically exported from code.google.com/p/vmdetectorsys

wdbgark WinDBG Anti-RootKit Extension

windows-syscall-table windows syscall table from xp ~ 10 rs4

windows_syscalls_dumper A dirty IDAPython script to dump windows system call number/name pairs as JSON

WinObjEx64 Windows Object Explorer 64-bit

Winpayloads Undetectable Windows Payload Generation

xsock xsock is tcp data transfer tool, modify from https://github.com/Lykan-sec/LCX

ntoskrnl Discovery Notes V2EX 第 222113 号会员，加入于 2017-03-21 10:12:47 +08:00