awesome-windows-kernel-security-development

❤️

windows kernel driver with c++ runtime

• https://github.com/HoShiMin/Kernel-Bridge
• https://github.com/wjcsharp/Common
•  https://github.com/ExpLife/DriverSTL
• https://github.com/sysprogs/BazisLib
• https://github.com/AmrThabet/winSRDF
• https://github.com/sidyhe/dxx
• https://github.com/zer0mem/libc
• https://github.com/eladraz/XDK
• https://github.com/vic4key/Cat-Driver
• https://github.com/AndrewGaspar/km-stl
• https://github.com/zer0mem/KernelProject
• https://github.com/zer0mem/miniCommon
• https://github.com/jackqk/mystudy
• https://github.com/yogendersolanki91/Kernel-Driver-Example

blackbone

• https://github.com/alexpsp00/x-elite-loader
• https://github.com/DarthTon/Xenos
• https://github.com/DarthTon/Blackbone

winio

• https://github.com/Jehoash/WinIO3.0

dkom

• https://blog.csdn.net/zhuhuibeishadiao/article/details/51136650 (get process full path name)
• https://bbs.pediy.com/thread-96427.htm (modify process image name)
• https://github.com/ZhuHuiBeiShaDiao/PathModification
• https://github.com/ZhuHuiBeiShaDiao/NewHideDriverEx
• https://github.com/Sqdwr/HideDriver
• https://github.com/nbqofficial/HideDriver
• https://github.com/landhb/HideProcess
• https://github.com/tfairane/DKOM

ssdt hook

• https://github.com/Sqdwr/64-bits-inserthook
• https://github.com/int0/ProcessIsolator
• https://github.com/mrexodia/TitanHide (x64dbg Plugin)-(DragonQuestHero Suggest)
• https://github.com/papadp/shd
• https://github.com/bronzeMe/SSDT_Hook_x64
• https://github.com/s18leoare/Hackshield-Driver-Bypass
• https://github.com/sincoder/hidedir
• https://github.com/wyrover/HKkernelDbg
• https://github.com/CherryZY/Process_Protect_Module
• https://github.com/weixu8/RegistryMonitor
• https://github.com/nmgwddj/Learn-Windows-Drivers

eat/iat/object/irp/iat hook

• https://github.com/m0n0ph1/IAT-Hooking-Revisited
• https://github.com/xiaomagexiao/GameDll
• https://github.com/HollyDi/Ring0Hook
• https://github.com/mgeeky/prc_xchk
• https://github.com/tinysec/iathook

inline hook

• https://github.com/chinatiny/InlineHookLib (R3 & R0)
• https://github.com/tongzeyu/HookSysenter
• https://github.com/VideoCardGuy/HideProcessInTaskmgr
• https://github.com/MalwareTech/FstHook
• https://github.com/Menooker/FishHook
• https://github.com/G-E-N-E-S-I-S/latebros
• https://bbs.pediy.com/thread-214582.htm

inject technique

• https://github.com/alex9191/Kernel-dll-injector (DllInjectFromKernel)
• https://github.com/strivexjun/DriverInjectDll (MapInjectDll)
• https://github.com/wbenny/keinject (ApcInjectFromKernel)
• https://github.com/sud0loo/ProcessInjection
• https://github.com/apriorit/SvcHostDemo
• https://github.com/can1357/ThePerfectInjector
• https://github.com/VideoCardGuy/X64Injector
• https://github.com/papadp/reflective-injection-detection (InjectFromMemory)
• https://github.com/psmitty7373/eif (InjectFromMemory)
• https://github.com/rokups/ReflectiveLdr (InjectFromMemory)
• https://github.com/BenjaminSoelberg/ReflectivePELoader (InjectFromMemory)
• https://github.com/NtRaiseHardError/Phage (InjectFromMemory)
• https://github.com/dismantl/ImprovedReflectiveDLLInjection (InjectFromMemory)
• https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher (InjectFromMemory)
• https://github.com/amishsecurity/paythepony (InjectFromMemory)
• https://github.com/deroko/activationcontexthook
• https://github.com/ez8-co/yapi (Cross x86 & x64 injection)
• https://github.com/georgenicolaou/HeavenInjector
• https://github.com/tinysec/runwithdll
• https://github.com/NtOpcode/NT-APC-Injector
• https://github.com/caidongyun/WinCodeInjection
• https://github.com/countercept/doublepulsar-usermode-injector
• https://github.com/mq1n/DLLThreadInjectionDetector
• https://github.com/hkhk366/Memory_Codes_Injection
• https://github.com/chango77747/ShellCodeInjector_MsBuild
• https://github.com/Zer0Mem0ry/ManualMap
• https://github.com/secrary/InfectPE
• https://github.com/zodiacon/DllInjectionWithThreadContext
• https://github.com/NtOpcode/RtlCreateUserThread-DLL-Injection
• https://github.com/hasherezade/chimera_loader
• https://github.com/Ciantic/RemoteThreader
• https://github.com/OlSut/Kinject-x64
• https://github.com/tandasat/RemoteWriteMonitor
• https://github.com/stormshield/Beholder-Win32
• https://github.com/secrary/InjectProc
• https://github.com/AzureGreen/InjectCollection
• https://github.com/uItra/Injectora
• https://github.com/rootm0s/Injectors
• https://github.com/Spajed/processrefund
• https://github.com/al-homedawy/InjecTOR
• https://github.com/OlSut/Kinject-x64
• https://github.com/stormshield/Beholder-Win32
• https://github.com/yifiHeaven/MagicWall

anti autorun

• https://github.com/analyst004/autorun

anti dll inject

• https://github.com/analyst004/antinject
• https://github.com/ExpLife/BotKiller

load Dll from memory

• https://github.com/jnastarot/native_peloader
• https://github.com/fancycode/MemoryModule
• https://github.com/strivexjun/MemoryModulePP

Unpack dll load in runtime

• https://github.com/1ce0ear/DllLoaderUnpacker

anti dll hijack

• https://github.com/fortiguard-lion/anti-dll-hijacking

process hollowing

• https://github.com/xfgryujk/InjectExe
• https://github.com/m0n0ph1/Basic-File-Crypter
• https://github.com/Spajed/processrefund
• https://github.com/KernelMode/Process_Doppelganging
• https://github.com/hasherezade/process_doppelganging
• https://github.com/m0n0ph1/Process-Hollowing
• https://github.com/KernelMode/RunPE-ProcessHollowing
• https://github.com/KernelMode/RunPE_Detecter

pe loader

• https://github.com/FrankStain/pe-loader
• https://github.com/VideoCardGuy/PELoader

dll to shellcode

• https://github.com/w1nds/dll2shellcode

hide process

• https://github.com/M00nRise/ProcessHider

hide & delete dll

• https://github.com/wyyqyl/HideModule

load driver from memory

• https://github.com/ZhuHuiBeiShaDiao/DriverMaper
• https://github.com/9176324/KernelMemoryModule (Enable Exception)
• https://github.com/not-wlan/driver-hijack
• https://github.com/Professor-plum/Reflective-Driver-Loader

hook engine

• https://github.com/Synestraa/ArchUltimate.HookLib
• https://github.com/DominicTobias/detourxs
•  https://github.com/Ilyatk/HookEngine
• https://github.com/zyantific/zyan-hook-engine
• https://github.com/martona/mhook
• https://github.com/EasyHook/EasyHook
• https://github.com/RelicOfTesla/Detours

callback

• https://github.com/Sqdwr/RemoveCallBacks
• https://github.com/JKornev/hidden
• https://github.com/binbibi/CallbackEx
• https://github.com/swwwolf/cbtest
• https://github.com/nmgwddj/Learn-Windows-Drivers
• https://github.com/SamLarenN/CallbackDisabler

minifilter

• https://github.com/NtRaiseHardError/Anti-Delete (File anti delete)
• https://github.com/Randomize163/FSDefender
• https://github.com/ETEFS/ETEFS_Mini
• https://github.com/gfleury/ProtegeDados_ProjetoFinal
• https://github.com/denisvieriu/Portable-Executable-Minifilter-Driver
• https://github.com/surajfale/passthrough-minifilter-driver
• https://github.com/louk78/Virgo
• https://github.com/tandasat/Scavenger
• https://github.com/dubeyprateek/HideFiles
• https://github.com/aleksk/LazyCopy
• https://github.com/guidoreina/minivers
• https://github.com/idkwim/mfd
• https://github.com/Coxious/Antinvader
• https://github.com/tandasat/Scavenger
• https://github.com/fishfly/X70FSD
• https://github.com/ExpLife/BKAV.Filter

virtual disk

• https://github.com/zhaozhongshu/winvblock_vs
• https://github.com/yogendersolanki91/Kernel-Driver-Example

virtual file system

• https://github.com/ExpLife/CodeUMVFS
• https://github.com/yogendersolanki91/ProcessFileSystem
• https://github.com/BenjaminKim/dokanx

lpc

• https://github.com/avalon1610/LPC

alpc

• https://github.com/avalon1610/ALPC

lsp

• https://github.com/AnwarMohamed/Packetyzer

afd

• https://github.com/xiaomagexiao/GameDll
• https://github.com/DeDf/afd
• https://github.com/a252293079/NProxy

tdi

• https://github.com/xue-blood/adfilter
• https://github.com/alex9191/NetDriver (send & receive HTTP requests)
• https://github.com/alex9191/ZeroBank-ring0-bundle
• https://github.com/Sha0/winvblock
• https://github.com/michael4338/TDI
• https://github.com/cullengao/tdi_monitor
• https://github.com/uniking/TDI-Demo
• https://github.com/codereba/netmon

wfp

• https://github.com/mullvad/libwfp
• https://github.com/gifur/NetworkMnt
• https://github.com/ss-abramchuk/OpenVPNAdapter/blob/f016614ed3dec30672e4f1821344b7992825a98d/OpenVPN%20Adapter/Vendors/openvpn/openvpn/tun/win/wfp.hpp
• https://github.com/itari/vapu
• https://github.com/basil00/Divert
• https://github.com/WPO-Foundation/win-shaper
• https://github.com/raymon-tian/WFPFirewall
• https://github.com/killbug2004/HashFilter
• https://github.com/henrypp/simplewall
• https://docs.microsoft.com/zh-cn/windows-hardware/drivers/network/porting-packet-processing-drivers-and-apps-to-wfp
• https://github.com/thecybermind/ipredir

ndis

• https://github.com/pr0v3rbs/MalSiteBlocker
•  https://github.com/Beamer-LB/netmap/tree/stable/WINDOWS
•  https://github.com/ndemarinis/ovs/tree/22a1ba42f8137cd3532b54880b19b51d4b87440d/datapath-windows/ovsext
•  https://github.com/markjandrews/CodeMachineCourse/tree/5473d4ea808791c2a048f2c8c9c86f011a6da5e8/source/kerrkt.labs/labs/NdisLwf
• https://github.com/openthread/openthread/tree/master/examples/drivers/windows
•  https://github.com/Hartigan/Firewall
•  https://github.com/zy520321/ndis-filter
• https://github.com/yuanmaomao/NDIS_Firewall
• https://github.com/SoftEtherVPN/Win10Pcap
• https://github.com/IsoGrid/NdisProtocol
• https://github.com/lcxl/lcxl-net-loader
• https://www.ntkernel.com/windows-packet-filter/
• https://github.com/michael4338/NDIS
• https://github.com/IAmAnubhavSaini/ndislwf
• https://github.com/OpenVPN/tap-windows6
• https://github.com/SageAxcess/pcap-ndis6
• https://github.com/uniking/NDIS-Demo
• https://github.com/mkdym/NDISDriverInst
• https://github.com/debugfan/packetprot
• https://github.com/Iamgublin/NDIS6.30-NetMonitor
• https://github.com/nmap/npcap
• https://github.com/Ltangjian/FireWall
• https://github.com/Microsoft/Windows-driver-samples/tree/master/network/config/bindview
• https://github.com/brorica/http_inject (winpcap)

wsk

• https://github.com/reinhardvz/wsk
• https://github.com/akayn/kbMon
• https://github.com/02strich/audionet
• https://github.com/mestefy/securityplus
• https://github.com/skycipher/CNGProvider

rootkits

• https://github.com/Psychotropos/xhunter1_privesc (XIGNCODE3)
• https://github.com/ionescu007/r0ak (RWE)
• https://github.com/cyberweapons/cyberweapons
• https://github.com/huoji120/AV-Killer
• https://github.com/Sqdwr/DeleteFile
• https://github.com/Sqdwr/DeleteFileByCreateIrp
• https://github.com/Mattiwatti/PPLKiller
• https://github.com/bfosterjr/ci_mod
• https://github.com/HoShiMin/EnjoyTheRing0
• https://github.com/hfiref0x/ZeroAccess
• https://github.com/hackedteam/driver-win32
• https://github.com/hackedteam/driver-win64
• https://github.com/csurage/Rootkit
• https://github.com/bowlofstew/rootkit.com
• https://github.com/Nervous/GreenKit-Rootkit
• https://github.com/bytecode-77/r77-rootkit
• https://github.com/Cr4sh/WindowsRegistryRootkit
• https://github.com/Alifcccccc/Windows-Rootkits
• https://github.com/Schnocker/NoEye
• https://github.com/christian-roggia/open-myrtus
• https://github.com/Cr4sh/DrvHide-PoC
• https://github.com/mstefanowich/SquiddlyDiddly2
• https://github.com/MalwareTech/FakeMBR
• https://github.com/Cr4sh/PTBypass-PoC
• https://github.com/psaneme/Kung-Fu-Malware
• https://github.com/hasherezade/persistence_demos
• https://github.com/MinhasKamal/TrojanCockroach
• https://github.com/akayn/kbMon

mbr

• https://github.com/Cisco-Talos/MBRFilter

bootkits

• https://github.com/DeviceObject/rk2017
• https://github.com/DeviceObject/ChangeDiskSector
• https://github.com/DeviceObject/Uefi_HelloWorld
• https://github.com/DeviceObject/ShitDrv
• https://github.com/DeviceObject/DarkCloud
• https://github.com/nyx0/Rovnix
• https://github.com/MalwareTech/TinyXPB
• https://github.com/m0n0ph1/Win64-Rovnix-VBR-Bootkit
• https://github.com/NextSecurity/Gozi-MBR-rootkit
• https://github.com/NextSecurity/vector-edk
• https://github.com/ahixon/booty

uefi/smm

• https://github.com/DeviceObject/Uefi_HelloWorld
• https://github.com/LongSoft/UEFITool
• https://github.com/dude719/UEFI-Bootkit
• https://github.com/quarkslab/dreamboot
• https://github.com/gyje/BIOS_Rootkit
• https://github.com/scumjr/the-sea-watcher
• https://github.com/zhuyue1314/stoned-UEFI-bootkit
• https://github.com/hackedteam/vector-edk
• https://github.com/Cr4sh/SmmBackdoor
• https://github.com/Cr4sh/PeiBackdoor
• https://github.com/Cr4sh/fwexpl

bootloader

• https://github.com/apriorit/custom-bootloader

smc

• https://github.com/marcusbotacin/Self-Modifying-Code

anti debug

• https://github.com/strivexjun/XAntiDebug
• https://github.com/marcusbotacin/Anti.Analysis
• https://github.com/LordNoteworthy/al-khaser
• https://github.com/eschweiler/ProReversing

crypters

• https://github.com/m0n0ph1/FileCrypter
• https://github.com/iGh0st/Crypters

malware

• https://github.com/lianglixin/RemoteControl-X3
• https://github.com/Souhardya/UBoat (HTTP)
• https://github.com/malwares/Botnet
• https://github.com/RafaelGSS/HyzMall
• https://github.com/DeadNumbers/Pegasus
• https://github.com/mdsecactivebreach/SharpShooter
• https://github.com/mwsrc/XtremeRAT
• https://github.com/mwsrc/Schwarze-Sonne-RAT (delphi)
• https://github.com/Mr-Un1k0d3r/ThunderShell (powershell)
• https://github.com/DimChris0/LoRa
• https://github.com/marcusbotacin/Malware.Multicore
• https://github.com/bxlcity/malware
• https://github.com/grcasanova/SuperVirus
• https://github.com/hackedteam/core-win32
• https://github.com/hackedteam/scout-win
• https://github.com/hackedteam/vector-dropper

EternalBlue && Doublepulsar && Mine

• https://github.com/xmrig/xmrig
• https://github.com/TolgaSEZER/EternalPulse

malware analysis

• https://github.com/ctxis/capemon
• https://github.com/kevthehermit/RATDecoders
• https://github.com/marcusbotacin/Malware.Variants
• https://github.com/marcusbotacin/Hardware-Assisted-AV
• https://github.com/gentilkiwi/spectre_meltdown
• https://github.com/gentilkiwi/wanadecrypt
• https://github.com/bloomer1016
• https://github.com/CHEF-KOCH/malware-research
• https://github.com/gentilkiwi/wanakiwi

arktools

• https://github.com/alex9191/KernelModeMonitor
• https://github.com/marcosd4h/memhunter
• https://github.com/gleeda/memtriage
• https://github.com/KernelMode/Process_Dop
• https://github.com/hm200958/kmdf--analyse
• https://github.com/AzureGreen/WinNT-Learning
• https://github.com/marcusbotacin/BranchMonitoringProject
• https://github.com/AzureGreen/ArkProtect
• https://github.com/AzureGreen/ArkToolDrv
• https://github.com/HollyDi/PCAssistant
• https://github.com/ChengChengCC/Ark-tools
• https://github.com/swatkat/arkitlib
• https://github.com/swwwolf/wdbgark
• https://github.com/zibility/Anti-Rootkits
• https://github.com/SLAUC91/AntiCheat
• https://github.com/sincoder/A-Protect
• https://github.com/apriorit/antirootkit-anti-splicer
• https://github.com/kedebug/ScDetective
• https://github.com/PKRoma/ProcessHacker
• https://github.com/AndreyBazhan/DbgExt
• https://github.com/comaeio/SwishDbgExt
• https://github.com/ExpLife/atomic-red-team
• https://github.com/shenghe/pcmanager
• https://github.com/lj1987new/guardlite
• https://github.com/hackshields/antivirus/
• https://github.com/AntiRootkit/BDArkit

bypass patchguard

• https://github.com/hfiref0x/UPGDSED
• https://github.com/tandasat/PgResarch
• https://github.com/killvxk/DisableWin10PatchguardPoc
• https://github.com/tandasat/findpg
• https://github.com/zer0mem/HowToBoostPatchGuard
• https://bbs.pediy.com/thread-214582.htm

bypass dse

• https://github.com/hfiref0x/TDL
• https://github.com/hfiref0x/DSEFix

HackSysExtremeVulnerableDriver

• https://github.com/mgeeky/HEVD_Kernel_Exploit
• https://www.fuzzysecurity.com/tutorials.html
• https://rootkits.xyz/blog/
• https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
• https://github.com/k0keoyo/HEVD-Double-Free-PoC
• https://github.com/k0keoyo/HEVD-Arbitrary-Overwrite-Exploit-Win10-rs3
• https://github.com/tekwizz123/HEVD-Exploit-Solutions
• https://github.com/k0keoyo/try_exploit
• https://github.com/Cn33liz/HSEVD-VariousExploits
• https://github.com/Cn33liz/HSEVD-StackOverflow
• https://github.com/Cn33liz/HSEVD-StackOverflowX64
• https://github.com/Cn33liz/HSEVD-StackCookieBypass
• https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteGDI
• https://github.com/Cn33liz/HSEVD-StackOverflowGDI
• https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteLowIL
• https://github.com/Cn33liz/HSEVD-ArbitraryOverwrite
• https://github.com/akayn/demos

windows kernel exploits

• https://github.com/SandboxEscaper/randomrepo (win10 LPE)
• https://github.com/jackson5-sec/TaskSchedLPE (LPE)
• https://github.com/HarsaroopDhillon/AHNLab-0day(LPE)
• https://github.com/paranoidninja/Pandoras-Box
• https://github.com/MarkHC/HandleMaster
• https://github.com/can1357/physical_mem_controller
• https://github.com/can1357/safe_capcom
• https://github.com/can1357/CVE-2018-8897
• https://github.com/JeremyFetiveau/Exploits
• https://github.com/hfiref0x/Stryker
• https://github.com/swwwolf/obderef
• https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS
• https://github.com/cbayet/PoolSprayer
• https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC
• https://github.com/k0keoyo/Driver-Loaded-PoC
• https://github.com/k0keoyo/try_exploit
• https://github.com/k0keoyo/CVE-2015-2546-Exploit
• https://github.com/k0keoyo/Dark_Composition_case_study_Integer_Overflow
• https://github.com/tinysec/vulnerability
• https://github.com/akayn/demos
• https://github.com/abatchy17/WindowsExploits
• https://github.com/recodeking/WindowsExploitation
• https://github.com/GDSSecurity/Windows-Exploit-Suggester
• https://github.com/rwfpl/rewolf-pcausa-exploit
• https://github.com/ratty3697/HackSpy-Trojan-Exploit
• https://github.com/SecWiki/windows-kernel-exploits
• https://github.com/sensepost/ms16-098
• https://github.com/shjalayeri/sysret
• https://github.com/sam-b/windows_kernel_resources
• https://github.com/sensepost/gdi-palettes-exp
• https://github.com/ExpLife/ByPassCfg
• https://github.com/Rootkitsmm/WinIo-Vidix
• https://github.com/andrewkabai/vulnwindrv
• https://github.com/mwrlabs/CVE-2016-7255
• https://github.com/MarkHC/HandleMaster
• https://github.com/SamLarenN/CapcomDKOM
• https://github.com/zerosum0x0/puppetstrings
• https://github.com/zerosum0x0/ShellcodeDriver
• https://github.com/Rootkitsmm/WinIo-Vidix
• https://github.com/progmboy/kernel_vul_poc
• https://github.com/rwfpl/rewolf-msi-exploit
• https://github.com/rwfpl/rewolf-pcausa-exploit
• https://github.com/Rootkitsmm/Win10Pcap-Exploit
• https://github.com/Rootkitsmm/MS15-061
• https://github.com/Rootkitsmm/cve-2016-0040
• https://github.com/Rootkitsmm/CVEXX-XX
• https://github.com/sensepost/ms16-098
• https://github.com/Trietptm-on-Security/bug-free-adventure
• https://github.com/sam-b/CVE-2014-4113
• https://github.com/Rootkitsmm/OpenVpn-Pool-Overflow
• https://github.com/Rootkitsmm/UnThreatAVDriver-DOS
• https://github.com/Cr4sh/ThinkPwn
• https://github.com/hfiref0x/CVE-2015-1701
• https://github.com/tyranid/windows-logical-eop-workshop
• https://github.com/google/sandbox-attacksurface-analysis-tools
• https://github.com/tyranid/ExploitRemotingService
• https://github.com/tyranid/DeviceGuardBypasses
• https://github.com/tyranid/ExploitDotNetDCOM
• https://github.com/hatRiot/token-priv(EOP)
• https://github.com/weizn11/MS17010_AllInOne
• https://github.com/TeskeVirtualSystem/MS17010Test

LPE

• https://github.com/nmulasmajic/syscall_exploit_CVE-2018-8897
• https://github.com/codewhitesec/UnmarshalPwn
• https://ohpe.github.io/juicy-potato/

office exploit

• https://github.com/rxwx/CVE-2017-8570

flash exploit

• https://github.com/brianwrf/CVE-2017-4878-Samples

sandbox

• https://github.com/taiFansou/Proteibox

sandbox escape

• https://github.com/SilverMoonSecurity/SandboxEvasion
• https://github.com/exAphex/SandboxEscape
• https://github.com/Fel0ny/Sandbox-Detection
• https://github.com/CheckPointSW/InviZzzible
• https://github.com/MalwareTech/AppContainerSandbox
• https://github.com/tyranid/IE11SandboxEscapes
• https://github.com/649/Chrome-Sandbox-Exploit
• https://github.com/google/sandbox-attacksurface-analysis-tools
• https://github.com/conix-security/zer0m0n
• https://github.com/iceb0y/windows-container
• https://github.com/s7ephen/SandKit
• https://github.com/D4Vinci/Dr0p1t-Framework
• https://github.com/cryptolok/MorphAES
• https://github.com/mtalbi/vm_escape
• https://github.com/unamer/vmware_escape
• https://github.com/erezto/lua-sandbox-escape
• https://github.com/brownbelt/Edge-sandbox-escape
• https://github.com/shakenetwork/vmware_escape
• https://github.com/Cr4sh/prl_guest_to_host

anti exploit

• https://github.com/Empier/Anti-Exploit

cve

• https://github.com/LiuCan01/cve-list-pro
• https://github.com/CVEProject/cvelist

hips

• https://github.com/zareprj/JAV-AV-Engine
• https://github.com/0xdabbad00/OpenHIPS
• https://github.com/ExpLife/Norton_AntiVirus_SourceCode
• https://github.com/majian55555/MJAntiVirusEngine
• https://github.com/develbranch/TinyAntivirus
• https://github.com/tandasat/EopMon
• https://github.com/tandasat/MemoryMon

windows hypervisor

• https://github.com/StrikerX3/whvpclient

vt

• https://github.com/wbenny/hvpp
• https://github.com/Sqdwr/Multi_CPU_VtBase
• https://github.com/marche147/IoctlMon
• https://github.com/ionescu007/SimpleVisor
• https://github.com/zer0mem/MiniHyperVisorProject
• https://github.com/zer0mem/ShowMeYourGongFu
• https://github.com/zer0mem/HyperVisor
• https://github.com/marche147/SimpleVT
• https://github.com/DarthTon/HyperBone
• https://github.com/nick-kvmhv/splittlb
• https://github.com/zareprj/Vmx_Prj
• https://github.com/ZhuHuiBeiShaDiao/MiniVTx64
• https://github.com/tandasat/HyperPlatform
• https://github.com/hzqst/Syscall-Monitor
• https://github.com/asamy/ksm
• https://github.com/in12hacker/VT_64_EPT
• https://github.com/ZhuHuiBeiShaDiao/PFHook
• https://github.com/tandasat/FU_Hypervisor
• https://github.com/tandasat/DdiMon
• https://github.com/tandasat/GuardMon
• https://github.com/yqsy/VT_demo
• https://github.com/OkazakiNagisa/VTbasedDebuggerWin7
• https://github.com/Ouroboros/JuusanKoubou
• https://github.com/aaa1616/Hypervisor
• https://github.com/Nukem9/VirtualDbg
• https://github.com/Nukem9/VirtualDbgHide
• https://github.com/cheat-engine/cheat-engine
• https://github.com/Kelvinhack/kHypervisor

fuzzer

• https://github.com/bee13oy/AV_Kernel_Vulns/tree/master/Zer0Con2017
• https://github.com/k0keoyo/kDriver-Fuzzer (Paper:https://whereisk0shl.top/post/2018-01-30)
• https://github.com/koutto/ioctlbf
• https://github.com/Cr4sh/ioctlfuzzer
• https://github.com/Cr4sh/MsFontsFuzz
• https://github.com/hfiref0x/NtCall64
• https://github.com/Rootkitsmm/Win32k-Fuzzer
• https://github.com/mwrlabs/KernelFuzzer
• https://github.com/SignalSEC/kirlangic-ttf-fuzzer
• https://github.com/demi6od/Smashing_The_Browser
• https://github.com/marche147/IoctlMon
• https://github.com/k0keoyo/Some-Kernel-Fuzzing-Paper

emet

• https://github.com/codingtest/EMET

hotpatch

• https://github.com/codingtest/windows_hotpatch

memory hack

• https://github.com/Empier/MemoryEditor

game hack

• https://github.com/daswareinfach/Battleye-VAC-EAC-Kernel-Bypass (BattlEye)
• https://blog.his.cat/a/fuck_battleye.cat (BattlEye)
• https://github.com/Tai7sy/BE_Fuck (Battleye)
• https://github.com/Synestraa/Highcall-Library
• https://github.com/cheat-engine/cheat-engine
•  https://github.com/DreamHacks/dreamdota
• https://github.com/yoie/NGPlug-in
• https://github.com/DevelopKits/proj
• https://github.com/VideoCardGuy/ExpTool_GUI
• https://github.com/VideoCardGuy/Zhihu_SimpleLog
• https://github.com/VideoCardGuy/NewYuGiOh_CheatDLL_x64
• https://github.com/VideoCardGuy/Tetris
• https://github.com/VideoCardGuy/YuGiOh
• https://github.com/VideoCardGuy/SnakeAI
• https://github.com/VideoCardGuy/gitAsktao
• https://github.com/VideoCardGuy/War3Cheat
• https://github.com/VideoCardGuy/AStar_Study
• https://github.com/VideoCardGuy/BnsChina_SetSpeed
• https://github.com/VideoCardGuy/LOLProjects
• https://github.com/VideoCardGuy/NewYuGiOh_CheatDLL_x64
• https://github.com/VideoCardGuy/PictureMatchGame
• https://github.com/VideoCardGuy/AutoLoginByBnsChina
• https://github.com/VideoCardGuy/MemoryWatchTool
• https://github.com/VideoCardGuy/LOL_China
• https://github.com/mlghuskie/NoBastian
• https://github.com/G-E-N-E-S-I-S/BattlegroundsChams
• https://github.com/luciouskami/XignCode3Bypass
• https://github.com/luciouskami/CS-GO-Simple-Hack
• https://github.com/luciouskami/load-self-mix
• https://github.com/Karaulov/WarcraftIII_DLL_126-127
• https://github.com/TonyZesto/PubgPrivXcode85
• https://github.com/luciouskami/gameguard-for-war3
• https://github.com/PopcornEgg/LOLChangeSkin
• https://github.com/ValveSoftware/ToGL
• https://github.com/Karaulov/War3-SizeLimit-Bypass
• https://github.com/F7eak/Xenon
• https://github.com/syj2010syj/All-Star-Battle-2

anti cheat

• https://github.com/SagaanTheEpic/Sagaan-AntiCheat-V2.0
• https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-Module-
• https://github.com/SagaanTheEpic/SAC-Anti-Debug
• https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-ModuleThread
• https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-OverlayDetector-
• https://github.com/SagaanTheEpic/Mega-Bypasss
• https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-UserMode-
• https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-Driver-
• https://github.com/SagaanTheEpic/SagaanTheEpic-Millin-Hack-SMH-Kernel
• https://github.com/SagaanTheEpic/LSASS-Usermode-Bypass
• https://github.com/SagaanTheEpic/KernelMode-Bypass
• https://github.com/chinatiny/GameAntiCheat
• https://github.com/jnastarot/anti-cheat
• https://github.com/jnastarot/ice9

software reverse

• https://github.com/stonedreamforest/re_avkmgr
• https://github.com/stonedreamforest/re_sysdiag

pe protector

• https://github.com/jnastarot/furikuri

unpacker

• http://n10info.blogspot.com/2018/03/xvolkolak-010.html

symbolic execution

• https://github.com/illera88/Ponce
• https://github.com/gaasedelen/lighthouse

deobfuscation

• https://github.com/mmyydd/relative-pattern
• https://github.com/SCUBSRGroup/OLLVM_Deobfuscation

taint analyse

• https://github.com/cea-sec/miasm (blackhat 2018)
• https://bbs.pediy.com/thread-230299.htm
• https://bbs.pediy.com/thread-230105.htm
• https://bbs.pediy.com/thread-226603.htm
• https://bbs.pediy.com/thread-224353.htm
• https://bbs.pediy.com/thread-223849.htm
• https://github.com/airbus-seclab/bincat
• https://github.com/SCUBSRGroup/Taint-Analyse
•  https://github.com/airbus-seclab/bincat
•  https://github.com/SCUBSRGroup/Taint-Analyse
• https://github.com/piscou/FuzzWin

bin diff

• https://www.zynamics.com/bindiff.html
• https://github.com/joxeankoret/diaphora
• https://github.com/ExpLife/binarydiffer
• https://github.com/ExpLife/patchdiff2_ida6
• https://github.com/ExpLife/patchdiff2

x64dbg plugin

• https://github.com/ThunderCls/xAnalyzer
• https://github.com/mrexodia/TitanHide
• https://github.com/x64dbg/InterObfu
• https://github.com/x64dbg/ScyllaHide
• https://github.com/Nukem9/SwissArmyKnife
• https://github.com/x64dbg/x64dbg/wiki/Plugins

live kernel debug

• https://samsclass.info/126/proj/p12-kernel-debug-win10.htm?tdsourcetag=s_pctim_aiomsg
• https://gds89.wordpress.com/2010/05/19/windows-7-x64-local-and-live-kernel-debugging/

windbg plugin

• https://codeday.me/bug/20171003/80216.html
• http://virtualkd.sysprogs.org/
• https://github.com/VincentSe/WatchTrees

ida script & plugin

• https://github.com/RolfRolles/HexRaysDeob (deobfuscate)
• https://github.com/icewall/BinDiffFilter
• https://github.com/devttys0/ida/
• https://github.com/dude719/SigMaker-x64 (pat2sig)
• https://github.com/fireeye/flare-ida (idb2pat)
• https://zznop.github.io/bnida/
• https://github.com/zyantific/IDASkins
• https://github.com/eugeii/ida-consonance
• https://github.com/mwrlabs/win_driver_plugin
• https://github.com/igogo-x86/HexRaysPyTools
• https://github.com/techbliss/Python_editor
• https://github.com/tmr232/Sark
• http://sark.readthedocs.io/en/latest/debugging.html
• https://bbs.pediy.com/thread-224627.htm (wing debugging idapython script)

ida sig maker

• https://blog.csdn.net/lixiangminghate/article/details/81352205

idapython

• http://www.h4ck.org.cn/2011/07/ida-pe6-dll-unpack/
• https://www.anquanke.com/post/id/151898
• https://www.anquanke.com/post/id/85890
• https://www.cnblogs.com/17bdw/p/7785469.html
• https://4hou.win/wordpress/?cat=1178 (pin & ida)
• https://wizardforcel.gitbooks.io/grey-hat-python/
• http://spd.dropsec.xyz/2016/10/05/IDAPython%E5%AE%89%E8%A3%85/
• http://spd.dropsec.xyz/2017/04/09/%E7%AC%A6%E5%8F%B7%E6%89%A7%E8%A1%8C-%E5%9F%BA%E4%BA%8Epython%E7%9A%84%E4%BA%8C%E8%BF%9B%E5%88%B6%E5%88%86%E6%9E%90%E6%A1%86%E6%9E%B6angr/
• http://spd.dropsec.xyz/2016/10/16/IDAPython%E8%84%9A%E6%9C%AC%E4%B9%8B%E6%94%B6%E9%9B%86%E5%87%BD%E6%95%B0%E7%9A%84%E8%B0%83%E7%94%A8%E4%BF%A1%E6%81%AF/
• http://www.freebuf.com/sectool/92107.html
• http://www.freebuf.com/sectool/92168.html
• http://www.freebuf.com/articles/system/92488.html
• http://www.freebuf.com/articles/system/92505.html
• http://www.freebuf.com/articles/system/93440.html
• https://www.fortinet.com/blog/threat-research/rewriting-idapython-script-objc2-xrefs-helper-py-for-hopper.html
• https://sark.readthedocs.io/en/latest/debugging.html
• https://cartermgj.github.io/2017/10/10/ida-python/
• https://security.tencent.com/index.php/blog/msg/4
• https://wingware.com/doc/howtos/idapython
• http://www.somersetrecon.com/blog/2018/7/6/introduction-to-idapython-for-vulnerability-hunting
• http://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython/
• http://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython/
• https://resources.infosecinstitute.com/saving-time-effort-idapython/#gref
• https://www.thezdi.com/blog/2018/5/21/mindshare-walking-the-windows-kernel-with-ida-python
• https://www.thezdi.com/blog/2018/7/19/mindshare-an-introduction-to-pykd
• https://www.thezdi.com/blog/2018/6/26/mindshare-variant-hunting-with-ida-python
• http://www.mopsled.com/2016/add-shortcut-for-idapython-script-ida-pro/
• http://blog.sina.com.cn/s/blog_9f5e368a0102wnmm.html
• https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/october/python-class-informer-an-idapython-plugin-for-viewing-run-time-type-information-rtti/
• https://www.pydoc.io/pypi/python-idb-0.4.0/autoapi/analysis/index.html
• https://securityxploded.com/api-call-tracing-with-pefile-pydbg-and-idapython.php
• https://www.cnblogs.com/0xJDchen/p/7527236.html
• http://www.williballenthin.com/blog/2015/09/04/idapython-synchronization-decorator/
• https://www.fireeye.com/blog/threat-research/2015/01/flare_ida_pro_script.html
• https://bbs.pediy.com/thread-226983.htm
• https://www.trustwave.com/Resources/SpiderLabs-Blog/Defeating-Flame-String-Obfuscation-with-IDAPython/
• https://www.anquanke.com/post/id/151898
• https://edoc.site/idapython-bookpdf-pdf-free.html
• https://serializethoughts.com/tag/idapython/
• https://exploiting.wordpress.com/2011/12/06/quickpost-idapython-script-to-identify-unrecognized-functions/
• http://barbie.uta.edu/~xlren/Diaphora/diaphora_help.pdf
• https://www.jianshu.com/p/ee789e8acb03
• http://blog.51cto.com/watertoeast/2084700
• http://blog.51cto.com/watertoeast/1352787
• https://blog.clamav.net/2014/02/generating-clamav-signatures-with.html
• https://www.mnin.org/write/2006_extract_xor.pdf
• http://www.hexacorn.com/blog/2015/12/21/idapython-making-strings-decompiler-friendly/
• http://standa-note.blogspot.com/2015/01/arm-exception-handling-and-idapython.html
• http://codegist.net/code/idapython-script/
• https://reverseengineering.stackexchange.com/questions/16055/idapython-get-xrefs-to-a-stack-variable

pykd

• https://www.anquanke.com/post/id/86909
• https://www.anquanke.com/post/id/86896
• https://www.anquanke.com/post/id/83205
• https://blog.csdn.net/jimoguilai/article/details/25286029
• https://blog.csdn.net/jimoguilai/article/details/29827283
• https://blog.csdn.net/jimoguilai/article/details/38122863
• https://blog.csdn.net/linux_vae/article/details/77532758
• https://blog.csdn.net/linux_vae/article/details/77532758
• https://blog.csdn.net/ambihan/article/details/35775933
• https://www.zerodayinitiative.com/blog/2018/7/19/mindshare-an-introduction-to-pykd
• https://www.cnblogs.com/fanzi2009/archive/2012/12/10/2811543.html
• https://cloud.tencent.com/developer/article/1005628
• http://eternalsakura13.com/2018/07/03/firefox_env/
• https://binvoke.com/inline-assembly-in-x64/
• https://webstersprodigy.net/2014/01/06/soft-function-hooking-with-windbg-and-pykd/
• https://rayanfam.com/topics/pykd-tutorial-part1/
• https://rayanfam.com/topics/pykd-tutorial-part2/
• https://labs.mwrinfosecurity.com/blog/heap-tracing-with-windbg-and-python/
• http://www.miguelventura.pt/scripting-windbg-with-pykd.html
• https://labs.nettitude.com/blog/windbg-using-pykd-to-dump-private-symbols/
• https://webstersprodigy.net/2014/01/06/soft-function-hooking-with-windbg-and-pykd/
• https://www.cnblogs.com/fanzi2009/archive/2012/12/10/2811543.html
• http://www.freebuf.com/articles/system/103816.html
• https://bbs.pediy.com/thread-224904.htm
• http://theevilbit.blogspot.com/2017/09/pool-spraying-fun-part-1.html
• http://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-2.html
• http://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-3.html
• http://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-4.html

rpc

• https://github.com/gentilkiwi/basic_rpc

hash dump

• https://github.com/gentilkiwi/mimikatz

auxiliary lib

• https://github.com/David-Reguera-Garcia-Dreg/auxlib

ring3 nt api

• https://github.com/Chuyu-Team/NativeLib

dll hijack

• https://github.com/strivexjun/AheadLib-x86-x64

winpcap

• https://github.com/klemenb/fiddly
• http://blog.csdn.net/Ni9htMar3/article/details/54612394
• https://www.cnblogs.com/xcj26/articles/6073411.html
• http://www.freebuf.com/articles/system/103526.html
• https://github.com/illahaha/zxarps (arpcheat)
• https://github.com/sincoder/zxarps (arpcheat)

metasploit

• https://github.com/ExpLife/metasploit-framework
• https://github.com/NytroRST/NetRipper
• https://github.com/breenmachine/RottenPotatoNG

shadow

• https://github.com/lcxl/lcxl-shadow

http

• https://github.com/OlehKulykov/libnhr
• https://github.com/erickutcher/httpdownloader

https proxy

• http://anyproxy.io/cn/
• https://github.com/killbug2004/HttpsProxy
• https://github.com/erickutcher/httpproxy

sock proxy

• https://github.com/liulilittle/PaperAirplane

mitm

• https://github.com/sipt/shuttle (GO)
• https://github.com/conorpp/MiTM-HTTP-Proxy
• https://github.com/moxie0/sslsniff
• https://github.com/wuchangming/node-mitmproxy
• https://github.com/hostilefork/flatworm
• https://github.com/progtramder/webproxy
• https://github.com/empijei/wapty
• https://github.com/xxxxnnxxxx/HttpProxy
• https://github.com/astibal/smithproxy
• https://github.com/TechnikEmpire/CitadelCore
• https://github.com/TechnikEmpire/HttpFilteringEngine
• https://blog.csdn.net/kunyus/article/details/78679717
• https://github.com/liuyufei/SSLKiller
• http://blog.csdn.net/Tencent_Bugly/article/details/72626127
• https://github.com/pfussell/pivotal

ssl

• https://github.com/edwig/SSLSocket

json

• https://github.com/marcusbotacin/MyJSON

awesome

• https://github.com/Escapingbug/awesome-browser-exploit
• https://github.com/CaledoniaProject/awesome-opensource-security
• https://github.com/rshipp/awesome-malware-analysis
• https://github.com/lmy375/awesome-vmp
• https://github.com/ksluckow/awesome-symbolic-execution
• https://github.com/szysec/ctftest
• https://stackoverflow.com/questions/4946685/good-tutorial-for-windbg
• https://github.com/rmusser01/Infosec_Reference
• https://github.com/sam-b/windows_kernel_resources
• https://github.com/EbookFoundation/free-programming-books
• https://github.com/justjavac/free-programming-books-zh_CN
• https://github.com/rmusser01/Infosec_Reference/
• https://github.com/jshaw87/Cheatsheets
• https://github.com/RPISEC/MBE

windows Driver Kit ddi (device driver interface) documentation

• https://docs.microsoft.com/zh-cn/windows-hardware/drivers/ddi/
• https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/windbg-scripting-preview

windbg preview & jsprovider

• https://bbs.pediy.com/thread-246449.htm
• http://doar-e.github.io/blog/2017/12/01/debugger-data-model/

anti-anti-vm

• https://github.com/hzqst/VmwareHardenedLoader

vm

• https://github.com/tboox/vm86

tools

• http://bytepointer.com/tools/index.htm#peupdate
• https://github.com/endgameinc/xori (Dissasemblers blackhat 2018)
• http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/

post-exploitation

• https://github.com/francisck/DanderSpritz_lab
• https://github.com/francisck/DanderSpritz_docs

nsa security tools

• https://github.com/exploitx3/FUZZBUNCH
• https://github.com/fuzzbunch/fuzzbunch
• https://github.com/peterpt/fuzzbunch

apt

• https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
• https://github.com/kbandla/APTnotes
• https://attack.mitre.org/wiki/Groups
• https://github.com/fdiskyou/threat-INTel

3rd party library

• https://github.com/kingsamchen/WinAntHttp
• https://github.com/kingsamchen/KAdBlockEngine
• https://github.com/kingsamchen/KLog
• https://github.com/kingsamchen/Eureka
• https://zh-cn.libreoffice.org/
• https://github.com/GiovanniDicanio/WinReg
• https://github.com/GiovanniDicanio/StopwatchWin32
• https://github.com/Wintellect/ProcMonDebugOutput
• https://github.com/GiovanniDicanio/ReadStringsFromRegistry
• https://github.com/GiovanniDicanio/Utf8ConvAtlStl
• https://github.com/GiovanniDicanio/StringPool
• https://github.com/GiovanniDicanio/MapWithCaseInsensitiveStringKey
• https://github.com/GiovanniDicanio/SafeArraySamples
• https://github.com/GiovanniDicanio/TestSSO
• https://github.com/GiovanniDicanio/DoubleNulTerminatedString
• https://github.com/GiovanniDicanio/LoadingCedictBenchmarkCpp
• https://github.com/GiovanniDicanio/TestStringSorting
• https://github.com/GiovanniDicanio/UnicodeConversions
• https://github.com/GiovanniDicanio/TestStringsAtlVsStl
• https://github.com/GiovanniDicanio/UnicodeConversionAtl
• https://github.com/GiovanniDicanio/StlVectorVsListPerformance

rpc

• https://github.com/muxq/hellorpc

miscellaneous

• https://rayanfam.com/topics/inline-assembly-in-x64/ (x64 inline asm)
• https://www.jianshu.com/p/15be72d919ff (traversing the icon on the desktop)
• https://github.com/nshalabi/SysmonTools
• https://github.com/nshalabi/ATTACK-Tools
• https://github.com/ExpLife0011/hf-2012
• https://github.com/tyranid/windows-attacksurface-workshop/ (2018)
• https://github.com/CherryPill/system_info
• https://github.com/muxq/DPAPI
• https://github.com/ExpLife/directntapi
• https://github.com/gaozan198912/myproject
• https://github.com/k0keoyo/ntoskrnl-symbol-pdb-and-undocument-structures
• https://github.com/gentilkiwi/p11proxy
• https://github.com/gentilkiwi/kekeo
• https://github.com/ExpLife/ByPassCfg
• https://github.com/hfiref0x/SXSEXP
• https://github.com/hfiref0x/VBoxHardenedLoader
• https://github.com/hfiref0x/SyscallTables
• https://github.com/hfiref0x/WinObjEx64
• https://github.com/Cr4sh/DbgCb
• https://github.com/Cr4sh/s6_pcie_microblaze
• https://github.com/ionescu007/SpecuCheck
• https://github.com/ionescu007/lxss
• https://github.com/intel/haxm
• https://github.com/akayn/Resources
• https://github.com/DarthTon/SecureEraseWin
• https://github.com/hfiref0x/UACME
• https://github.com/tinysec/windows-syscall-table
• https://github.com/tinysec/jsrt
• https://github.com/zodiacon/DriverMon
• https://github.com/zodiacon/GflagsX
• https://github.com/zodiacon/PEExplorer
• https://github.com/zodiacon/KernelExplorer
• https://github.com/zodiacon/AllTools
• https://github.com/zodiacon/WindowsInternals
• https://github.com/hackedteam/vector-silent
• https://github.com/hackedteam/core-packer
• https://github.com/hackedteam/vector-recover
• https://github.com/k33nteam/cc-shellcoding
• https://github.com/rwfpl/rewolf-wow64ext
• https://github.com/rwfpl/rewolf-x86-virtualizer
• https://github.com/rwfpl/rewolf-gogogadget
• https://github.com/rwfpl/rewolf-dllpackager
• https://github.com/Microsoft/ChakraCore
• https://github.com/google/symboliclink-testing-tools
• https://github.com/ptresearch/IntelME-JTAG
• https://github.com/smourier/TraceSpy
• https://github.com/G-E-N-E-S-I-S/tasklist-brutus
• https://github.com/G-E-N-E-S-I-S/token_manipulation
• https://github.com/jjzhang166/sdk
• https://github.com/killswitch-GUI/HotLoad-Driver
• https://github.com/killswitch-GUI/minidump-lib
• https://github.com/killswitch-GUI/win32-named-pipes-example
• https://github.com/Kelvinhack/ScreenCapAttack
• https://github.com/tyranid/oleviewdotnet
• https://github.com/tyranid/CANAPE.Core
• https://github.com/tyranid/DotNetToJScript

slides

• https://rmusser.net/docs/
• https://keenlab.tencent.com/zh

blogs

• https://www.fwhibbit.es/sysmon-the-big-brother-of-windows-and-the-super-sysmonview
• https://dedbg.com/
• https://leguanyuan.blogspot.com
• http://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/profile/bugdemo.htm
• https://blog.can.ac
• https://b33t1e.github.io/2018/01/03/About-VMProtect/
•  http://www.diting0x.com/
• http://lotabout.me/archives/ (write a c interpreter)
• http://2997ms.com/2016/10/09/2016/2016-9%E6%9C%88-%E5%90%AD%E5%93%A7%E5%92%94%E5%93%A7/
• http://www.trueai.cn/
• https://whereisk0shl.top
• https://www.anquanke.com/post/id/97245
• https://lifeinhex.com
• https://vallejo.cc/2017/11/18/installation-and-first-contact-with-the-new-windbg/
• http://www.vxjump.net/
• https://channel9.msdn.com/Shows/Defrag-Tools
• http://windbg.info/
• http://windbg.org/
• https://msdn.microsoft.com/en-us/library/windows/hardware/ff553217(v=vs.85).aspx
• http://www.andreybazhan.com/
• https://blogs.technet.microsoft.com/markrussinovich/
• http://undocumented.ntinternals.net/
• http://j00ru.vexillium.org/
• https://sysprogs.com/
• http://www.rohitab.com/
• https://sww-it.ru/
• http://blogs.microsoft.co.il/pavely/
• https://www.corelan.be/
• http://tombkeeper.blog.techweb.com.cn/
• http://www.zer0mem.sk/
• http://blog.rewolf.pl/blog/
• http://www.alex-ionescu.com/
• http://blog.cr4.sh/
• https://rootkits.xyz/
• https://ixyzero.com/blog/archives/3543.html
• https://whereisk0shl.top/
• http://www.triplefault.io/2017/09/enumerating-process-thread-and-image.html
• http://doar-e.github.io/blog/2017/12/01/debugger-data-model/
• https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugging-using-windbg-preview
• https://blog.xpnsec.com/
• https://www.fireeye.com/blog/threat-research/2018/01/simplifying-graphs-in-ida.html
• http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/
• http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation

web security research site

• https://malwaretips.com/
• https://www.sec-wiki.com
• https://www.anquanke.com/
• http://xuanwulab.github.io/cn/secnews/2018/02/08/index.html
• http://www.vxjump.net/
• https://www.pediy.com/
•  https://navisec.it/
• http://www.secbang.com/

development documents

• http://devdocs.io/
• https://zealdocs.org/

docker

• http://dockone.io/search/q-RG9ja09uZeaKgOacr+WIhuS6qw==#articles

leaked source code

•  https://github.com/misterch0c/shadowbroker  (NSA)
•  https://github.com/pustladi/Windows-2000
• https://github.com/killbug2004/NT_4.0_SourceCode
• https://github.com/pustladi/TrueCrypt-7.2
• https://github.com/pustladi/MS-DOS-v.1.1
• https://github.com/pustladi/MS-DOS-v.2.0

sspi

• https://github.com/deemru/msspi
• https://github.com/vletoux/DetectPasswordViaNTLMInFlow
• https://github.com/judek/sspiauthenticate
• https://github.com/BobCatC/xSspi
• https://github.com/sishtiaq/SampleSSPICode
• https://github.com/liamkirton/sslpyfilter
• https://github.com/bschlenk/gsspp

openssl

• https://github.com/hioa-cs/IncludeOS/blob/fd92a5394b493b5b645b2123966d38c1576df250/src/net/https/openssl_server.cpp#L72
• https://github.com/robertblackwell/marvincpp
• https://github.com/equalitie/ouinet
• https://github.com/LiTianjue/mite-note
• https://blog.csdn.net/dotalee/article/details/78041691
• https://www.cnblogs.com/kennyhr/p/3746048.html

pdb

• https://github.com/wbenny/pdbex

gpu

• https://github.com/Volkanite/Push

crypto api

• https://github.com/maldevel/AES256
• https://github.com/wbenny/mini-tor
• https://github.com/wyrover/CryptoAPI-examples
• https://github.com/fmuecke/CryptoApi
• https://github.com/ViartX/CacheCrypto
• https://github.com/Deerenaros/CryptoAPIWrapper
• https://github.com/maldevel/SHA256
• https://github.com/13g10n/crypto

iot sec

• https://iot.sec-wiki.com/

ascii banner

• http://www.network-science.de/ascii/
• http://www.degraeve.com/img2txt.php

book code

• https://github.com/yifengyou/32to64
• https://github.com/elephantos/elephant
• https://github.com/yifengyou/Android-software-security-and-reverse-analysis
• https://github.com/yifengyou/Code-virtualization-and-automation-analysis
• https://github.com/yifengyou/Software-protection-and-analysis-techniques---principles-and-practices
• https://github.com/yifengyou/X86-assembly-language-from-real-mode-to-protection-mode

regex

• https://github.com/zeeshanu/learn-regex

ebook

• http://www.foxebook.net/

library

• https://www.ctolib.com/