WindowsSecurity
Automatic and platform-independent unpacker for Windows binaries based on emulation
VMware hardened VM detection mitigation loader (anti anti-VM)
Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2
Simple VM-based x86 PE (portable executable) protector.
PE Injection, DLL Injection, Process Injection, Thread Injection, Code Injection, Shellcode Injection, ELF Injection, Dylib Injection, including 400+ tools and 350+ posts
A bunch of Windows anti-debugging tricks for x86 and x64.
Features a kernel driver, a fully functional login loader with a MySQL database, a HWID checker, a licensing system, R6 cheat features and a menu
Kernel-mode driver that loads a DLL into every newly created process that loads the kernel32.dll module
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Notes on using the Python bindings for the Unicorn Engine
Mono Framework Injector (C#) using MInject Library
Mono Framework Interaction / Injection Library for .NET (C++/CLI)
Researching and removing various kernel callbacks; going ever further down the anti-anti-cheat road
Venom is a library meant to perform evasive communication using a stolen browser socket
Simple code to manipulate the memory of a user-mode process from the kernel.
Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms