{"id":13716177,"url":"https://github.com/howknows/awesome-windows-security-development","last_synced_at":"2025-05-07T05:32:20.705Z","repository":{"id":40989678,"uuid":"125340258","full_name":"howknows/awesome-windows-security-development","owner":"howknows","description":"awesome-windows-security-development","archived":false,"fork":false,"pushed_at":"2018-03-15T07:10:19.000Z","size":148,"stargazers_count":169,"open_issues_count":0,"forks_count":100,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-04-23T01:01:59.208Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/howknows.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-03-15T09:06:04.000Z","updated_at":"2025-01-28T16:04:49.000Z","dependencies_parsed_at":"2022-09-15T14:53:29.707Z","dependency_job_id":null,"html_url":"https://github.com/howknows/awesome-windows-security-development","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/howknows%2Fawesome-windows-security-development","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/howknows%2Fawesome-windows-security-development/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/howknows%2Fawesome-windows-security-development/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/howknows%2Fawesome-windows-security-development/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/howknows","download_url":"https://codeload.github.com/howknows/awesome-windows-security-development/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252549227,"owners_count":21766339,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T00:01:07.774Z","updated_at":"2025-05-07T05:32:20.440Z","avatar_url":"https://github.com/howknows.png","language":null,"readme":"\u003ch1 align=\"center\"\u003e\n\t\u003cimg width=\"400\" src=\"logo.svg\" alt=\"Awesome\"\u003e\n\t\u003cbr\u003e\n\t\u003cbr\u003e\n\u003c/h1\u003e\n\n\n# awesome-windows-security-development\n\n## Forked from ExpLife/awesome-windows-kernel-security-development.but...He deleted\n\n## windows kernel driver with c++ runtime\n\n- https://github.com/ExpLife/DriverSTL\n- https://github.com/sysprogs/BazisLib\n- https://github.com/AmrThabet/winSRDF\n- https://github.com/sidyhe/dxx\n- https://github.com/zer0mem/libc\n- https://github.com/eladraz/XDK\n- https://github.com/vic4key/Cat-Driver\n- https://github.com/AndrewGaspar/km-stl\n- https://github.com/zer0mem/KernelProject\n- https://github.com/zer0mem/miniCommon\n- https://github.com/jackqk/mystudy\n- https://github.com/yogendersolanki91/Kernel-Driver-Example\n\n## dkom\n\n- https://github.com/nbqofficial/HideDriver\n- https://github.com/ZhuHuiBeiShaDiao/NewHideDriverEx\n- https://github.com/landhb/HideProcess\n- https://github.com/tfairane/DKOM\n- https://github.com/Sqdwr/HideDriver\n\n## ssdt hook\n\n- https://github.com/int0/ProcessIsolator\n- https://github.com/mrexodia/TitanHide (x64dbg Plugin)-(DragonQuestHero Suggest)\n- https://github.com/papadp/shd\n- https://github.com/bronzeMe/SSDT_Hook_x64\n- https://github.com/s18leoare/Hackshield-Driver-Bypass\n- https://github.com/sincoder/hidedir\n- https://github.com/wyrover/HKkernelDbg\n- https://github.com/CherryZY/Process_Protect_Module\n- https://github.com/weixu8/RegistryMonitor\n- https://github.com/nmgwddj/Learn-Windows-Drivers\n    \n## eat/iat/object/irp/iat hook\n\n- https://github.com/xiaomagexiao/GameDll\n- https://github.com/HollyDi/Ring0Hook\n- https://github.com/mgeeky/prc_xchk\n- https://github.com/tinysec/iathook\n- https://github.com/stevemk14ebr/PolyHook\n\n## inline hook\n\n- https://github.com/VideoCardGuy/HideProcessInTaskmgr\n- https://github.com/MalwareTech/FstHook\n- https://github.com/Menooker/FishHook\n- https://github.com/G-E-N-E-S-I-S/latebros\n- https://bbs.pediy.com/thread-214582.htm\n\n## inject technique\n\n- https://github.com/VideoCardGuy/X64Injector\n- https://github.com/papadp/reflective-injection-detection (InjectFromMemory)\n- https://github.com/psmitty7373/eif (InjectFromMemory)\n- https://github.com/rokups/ReflectiveLdr (InjectFromMemory)\n- https://github.com/BenjaminSoelberg/ReflectivePELoader (InjectFromMemory) \n- https://github.com/NtRaiseHardError/Phage (InjectFromMemory)\n- https://github.com/dismantl/ImprovedReflectiveDLLInjection (InjectFromMemory)\n- https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher (InjectFromMemory)\n- https://github.com/amishsecurity/paythepony (InjectFromMemory)\n- https://github.com/deroko/activationcontexthook\n- https://github.com/georgenicolaou/HeavenInjector\n- https://github.com/tinysec/runwithdll\n- https://github.com/NtOpcode/NT-APC-Injector\n- https://github.com/caidongyun/WinCodeInjection\n- https://github.com/countercept/doublepulsar-usermode-injector\n- https://github.com/mq1n/DLLThreadInjectionDetector\n- https://github.com/hkhk366/Memory_Codes_Injection\n- https://github.com/chango77747/ShellCodeInjector_MsBuild\n- https://github.com/Zer0Mem0ry/ManualMap\n- https://github.com/secrary/InfectPE\n- https://github.com/zodiacon/DllInjectionWithThreadContext\n- https://github.com/NtOpcode/RtlCreateUserThread-DLL-Injection\n- https://github.com/hasherezade/chimera_loader\n- https://github.com/Ciantic/RemoteThreader\n- https://github.com/OlSut/Kinject-x64\n- https://github.com/tandasat/RemoteWriteMonitor\n- https://github.com/stormshield/Beholder-Win32\n- https://github.com/secrary/InjectProc\n- https://github.com/AzureGreen/InjectCollection\n- https://github.com/uItra/Injectora\n- https://github.com/rootm0s/Injectors\n- https://github.com/Spajed/processrefund\n- https://github.com/al-homedawy/InjecTOR\n- https://github.com/OlSut/Kinject-x64\n- https://github.com/stormshield/Beholder-Win32\n- https://github.com/yifiHeaven/MagicWall\n\n## load Dll from memory\n\n- https://github.com/fancycode/MemoryModule\n- https://github.com/strivexjun/MemoryModulePP\n\n## process hollowing\n\n- https://github.com/Spajed/processrefund\n- https://github.com/KernelMode/Process_Doppelganging\n- https://github.com/hasherezade/process_doppelganging\n- https://github.com/m0n0ph1/Process-Hollowing\n- https://github.com/KernelMode/RunPE-ProcessHollowing\n- https://github.com/KernelMode/RunPE_Detecter\n\n## pe loader\n\n- https://github.com/VideoCardGuy/PELoader\n\n## dll to shellcode\n\n- https://github.com/w1nds/dll2shellcode\n\n## hide \u0026 delete dll\n\n- https://github.com/wyyqyl/HideModule\n\n## load driver from memory\n\n- https://github.com/Professor-plum/Reflective-Driver-Loader\n\n## hook engine\n\n- https://github.com/Ilyatk/HookEngine\n- https://github.com/zyantific/zyan-hook-engine\n- https://github.com/martona/mhook\n- https://github.com/EasyHook/EasyHook\n- https://github.com/RelicOfTesla/Detours\n\n## callback\n\n- https://github.com/JKornev/hidden\n- https://github.com/binbibi/CallbackEx\n- https://github.com/swwwolf/cbtest\n- https://github.com/nmgwddj/Learn-Windows-Drivers\n- https://github.com/SamLarenN/CallbackDisabler\n\n## minifilter\n\n- https://github.com/aleksk/LazyCopy\n- https://github.com/guidoreina/minivers\n- https://github.com/idkwim/mfd\n- https://github.com/Coxious/Antinvader\n- https://github.com/tandasat/Scavenger\n- https://github.com/fishfly/X70FSD\n- https://github.com/aleksk/LazyCopy\n- https://github.com/ExpLife/BKAV.Filter\n\n## virtual disk\n\n- https://github.com/zhaozhongshu/winvblock_vs\n- https://github.com/yogendersolanki91/Kernel-Driver-Example\n\n## virtual file system\n\n- https://github.com/ExpLife/CodeUMVFS\n- https://github.com/yogendersolanki91/ProcessFileSystem\n- https://github.com/BenjaminKim/dokanx\n\n## lpc\n\n- https://github.com/avalon1610/LPC\n\n## alpc\n\n- https://github.com/avalon1610/ALPC\n\n## lsp\n\n- https://github.com/AnwarMohamed/Packetyzer\n\n## afd\n \n- https://github.com/xiaomagexiao/GameDll \n- https://github.com/DeDf/afd\n- https://github.com/a252293079/NProxy\n\n## tdi\n\n- https://github.com/Sha0/winvblock\n- https://github.com/michael4338/TDI\n- https://github.com/cullengao/tdi_monitor\n- https://github.com/uniking/TDI-Demo\n- https://github.com/codereba/netmon\n\n## wfp\n\n- https://github.com/basil00/Divert\n- https://github.com/WPO-Foundation/win-shaper\n- https://github.com/raymon-tian/WFPFirewall\n- https://github.com/henrypp/simplewall\n- https://docs.microsoft.com/zh-cn/windows-hardware/drivers/network/porting-packet-processing-drivers-and-apps-to-wfp\n- https://github.com/thecybermind/ipredir\n- https://github.com/RmzVoid/RMZSol\n- https://github.com/BrunoMCBraga/Kernel-Whisperer\n- https://github.com/KBancerz/kkvpn_driver\n- https://github.com/JaredWright/WFPStarterKit\n\n## ndis\n\n- https://github.com/zy520321/ndis-filter\n- https://github.com/yuanmaomao/NDIS_Firewall\n- https://github.com/SoftEtherVPN/Win10Pcap\n- https://github.com/IsoGrid/NdisProtocol\n- https://github.com/lcxl/lcxl-net-loader\n- https://www.ntkernel.com/windows-packet-filter/\n- https://github.com/michael4338/NDIS\n- https://github.com/IAmAnubhavSaini/ndislwf\n- https://github.com/OpenVPN/tap-windows6\n- https://github.com/SageAxcess/pcap-ndis6\n- https://github.com/uniking/NDIS-Demo\n- https://github.com/mkdym/NDISDriverInst\n- https://github.com/debugfan/packetprot\n- https://github.com/Iamgublin/NDIS6.30-NetMonitor\n- https://github.com/nmap/npcap\n- https://github.com/Ltangjian/FireWall\n- https://github.com/Microsoft/Windows-driver-samples/tree/master/network/config/bindview\n- https://github.com/brorica/http_inject (winpcap)\n\n## wsk\n\n- https://github.com/reinhardvz/wsk\n- https://github.com/akayn/kbMon\n- https://github.com/02strich/audionet\n- https://github.com/mestefy/securityplus\n- https://github.com/skycipher/CNGProvider\n\n## rootkits\n\n- https://github.com/HoShiMin/EnjoyTheRing0\n- https://github.com/hfiref0x/ZeroAccess\n- https://github.com/hackedteam/driver-win32\n- https://github.com/hackedteam/driver-win64\n- https://github.com/csurage/Rootkit\n- https://github.com/bowlofstew/rootkit.com\n- https://github.com/Nervous/GreenKit-Rootkit\n- https://github.com/bytecode-77/r77-rootkit\n- https://github.com/Cr4sh/WindowsRegistryRootkit\n- https://github.com/Alifcccccc/Windows-Rootkits\n- https://github.com/Schnocker/NoEye\n- https://github.com/christian-roggia/open-myrtus\n- https://github.com/Cr4sh/DrvHide-PoC\n- https://github.com/mstefanowich/SquiddlyDiddly2\n- https://github.com/MalwareTech/FakeMBR\n- https://github.com/Cr4sh/PTBypass-PoC\n- https://github.com/psaneme/Kung-Fu-Malware\n- https://github.com/hasherezade/persistence_demos\n- https://github.com/MinhasKamal/TrojanCockroach\n- https://github.com/akayn/kbMon\n- https://github.com/hm200958/kmdf--analyse\n\n## mbr\n\n- https://github.com/Cisco-Talos/MBRFilter\n\n## bootkits\n\n- https://github.com/DeviceObject/rk2017\n- https://github.com/DeviceObject/ChangeDiskSector\n- https://github.com/DeviceObject/Uefi_HelloWorld\n- https://github.com/DeviceObject/ShitDrv\n- https://github.com/DeviceObject/DarkCloud\n- https://github.com/nyx0/Rovnix\n- https://github.com/MalwareTech/TinyXPB\n- https://github.com/m0n0ph1/Win64-Rovnix-VBR-Bootkit\n- https://github.com/NextSecurity/Gozi-MBR-rootkit\n- https://github.com/NextSecurity/vector-edk\n- https://github.com/ahixon/booty\n\n## uefi/smm\n\n- https://github.com/DeviceObject/Uefi_HelloWorld\n- https://github.com/LongSoft/UEFITool\n- https://github.com/dude719/UEFI-Bootkit\n- https://github.com/quarkslab/dreamboot\n- https://github.com/gyje/BIOS_Rootkit\n- https://github.com/scumjr/the-sea-watcher\n- https://github.com/zhuyue1314/stoned-UEFI-bootkit\n- https://github.com/hackedteam/vector-edk\n- https://github.com/Cr4sh/SmmBackdoor\n- https://github.com/Cr4sh/PeiBackdoor\n- https://github.com/Cr4sh/fwexpl\n\n## smc\n\n- https://github.com/marcusbotacin/Self-Modifying-Code\n\n## anti debug\n\n- https://github.com/strivexjun/XAntiDebug\n- https://github.com/marcusbotacin/Anti.Analysis\n- https://github.com/LordNoteworthy/al-khaser\n- https://github.com/eschweiler/ProReversing\n\n## malware\n\n- https://github.com/mwsrc/XtremeRAT\n- https://github.com/mwsrc/Schwarze-Sonne-RAT (delphi)\n- https://github.com/Mr-Un1k0d3r/ThunderShell (powershell)\n- https://github.com/DimChris0/LoRa\n- https://github.com/marcusbotacin/Malware.Multicore\n- https://github.com/bxlcity/malware\n- https://github.com/grcasanova/SuperVirus\n- https://github.com/hackedteam/core-win32\n- https://github.com/hackedteam/scout-win\n- https://github.com/hackedteam/vector-dropper\n\n## malware analysis\n\n- https://github.com/kevthehermit/RATDecoders\n- https://github.com/marcusbotacin/Malware.Variants\n- https://github.com/marcusbotacin/Hardware-Assisted-AV\n- https://github.com/gentilkiwi/spectre_meltdown\n- https://github.com/gentilkiwi/wanadecrypt\n- https://github.com/bloomer1016\n- https://github.com/CHEF-KOCH/malware-research\n- https://github.com/gentilkiwi/wanakiwi\n\n## arktools\n\n- https://github.com/marcusbotacin/BranchMonitoringProject\n- https://github.com/AzureGreen/ArkProtect\n- https://github.com/AzureGreen/ArkToolDrv\n- https://github.com/HollyDi/PCAssistant\n- https://github.com/ChengChengCC/Ark-tools\n- https://github.com/swatkat/arkitlib\n- https://github.com/swwwolf/wdbgark\n- https://github.com/zibility/Anti-Rootkits\n- https://github.com/SLAUC91/AntiCheat\n- https://github.com/sincoder/A-Protect\n- https://github.com/apriorit/antirootkit-anti-splicer\n- https://github.com/kedebug/ScDetective\n- https://github.com/PKRoma/ProcessHacker\n- https://github.com/AndreyBazhan/DbgExt\n- https://github.com/comaeio/SwishDbgExt\n- https://github.com/ExpLife/atomic-red-team\n- https://github.com/shenghe/pcmanager\n- https://github.com/lj1987new/guardlite\n- https://github.com/hackshields/antivirus/\n- https://github.com/AntiRootkit/BDArkit\n\n## bypass patchguard\n\n- https://github.com/hfiref0x/UPGDSED\n- https://github.com/tandasat/PgResarch\n- https://github.com/killvxk/DisableWin10PatchguardPoc\n- https://github.com/tandasat/findpg\n- https://github.com/zer0mem/HowToBoostPatchGuard\n- https://bbs.pediy.com/thread-214582.htm\n\n## bypass dse\n\n- https://github.com/hfiref0x/TDL\n- https://github.com/hfiref0x/DSEFix\n\n## HackSysExtremeVulnerableDriver\n\n- https://github.com/mgeeky/HEVD_Kernel_Exploit\n- https://www.fuzzysecurity.com/tutorials.html\n- https://rootkits.xyz/blog/\n- https://github.com/hacksysteam/HackSysExtremeVulnerableDriver\n- https://github.com/k0keoyo/HEVD-Double-Free-PoC\n- https://github.com/k0keoyo/HEVD-Arbitrary-Overwrite-Exploit-Win10-rs3\n- https://github.com/tekwizz123/HEVD-Exploit-Solutions\n- https://github.com/k0keoyo/try_exploit\n- https://github.com/Cn33liz/HSEVD-VariousExploits\n- https://github.com/Cn33liz/HSEVD-StackOverflow\n- https://github.com/Cn33liz/HSEVD-StackOverflowX64\n- https://github.com/Cn33liz/HSEVD-StackCookieBypass\n- https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteGDI\n- https://github.com/Cn33liz/HSEVD-StackOverflowGDI\n- https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteLowIL\n- https://github.com/Cn33liz/HSEVD-ArbitraryOverwrite\n- https://github.com/akayn/demos\n\n## windows kernel exploits\n\n- https://github.com/JeremyFetiveau/Exploits\n- https://github.com/hfiref0x/Stryker\n- https://github.com/swwwolf/obderef\n- https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS\n- https://github.com/cbayet/PoolSprayer\n- https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC\n- https://github.com/k0keoyo/Driver-Loaded-PoC\n- https://github.com/k0keoyo/try_exploit\n- https://github.com/k0keoyo/CVE-2015-2546-Exploit\n- https://github.com/k0keoyo/Dark_Composition_case_study_Integer_Overflow\n- https://github.com/tinysec/vulnerability\n- https://github.com/akayn/demos\n- https://github.com/abatchy17/WindowsExploits\n- https://github.com/recodeking/WindowsExploitation\n- https://github.com/GDSSecurity/Windows-Exploit-Suggester\n- https://github.com/rwfpl/rewolf-pcausa-exploit\n- https://github.com/ratty3697/HackSpy-Trojan-Exploit\n- https://github.com/SecWiki/windows-kernel-exploits\n- https://github.com/sensepost/ms16-098\n- https://github.com/shjalayeri/sysret\n- https://github.com/sam-b/windows_kernel_resources\n- https://github.com/sensepost/gdi-palettes-exp\n- https://github.com/ExpLife/ByPassCfg\n- https://github.com/Rootkitsmm/WinIo-Vidix\n- https://github.com/andrewkabai/vulnwindrv\n- https://github.com/mwrlabs/CVE-2016-7255\n- https://github.com/MarkHC/HandleMaster\n- https://github.com/SamLarenN/CapcomDKOM\n- https://github.com/zerosum0x0/puppetstrings\n- https://github.com/zerosum0x0/ShellcodeDriver\n- https://github.com/Rootkitsmm/WinIo-Vidix\n- https://github.com/progmboy/kernel_vul_poc\n- https://github.com/rwfpl/rewolf-msi-exploit\n- https://github.com/rwfpl/rewolf-pcausa-exploit\n- https://github.com/Rootkitsmm/Win10Pcap-Exploit\n- https://github.com/Rootkitsmm/MS15-061\n- https://github.com/Rootkitsmm/cve-2016-0040\n- https://github.com/Rootkitsmm/CVEXX-XX\n- https://github.com/sensepost/ms16-098\n- https://github.com/Trietptm-on-Security/bug-free-adventure\n- https://github.com/sam-b/CVE-2014-4113\n- https://github.com/Rootkitsmm/OpenVpn-Pool-Overflow\n- https://github.com/Rootkitsmm/UnThreatAVDriver-DOS\n- https://github.com/Cr4sh/ThinkPwn\n- https://github.com/hfiref0x/CVE-2015-1701\n- https://github.com/tyranid/windows-logical-eop-workshop\n- https://github.com/google/sandbox-attacksurface-analysis-tools\n- https://github.com/tyranid/ExploitRemotingService\n- https://github.com/tyranid/DeviceGuardBypasses\n- https://github.com/tyranid/ExploitDotNetDCOM\n- https://github.com/hatRiot/token-priv(EOP)\n- https://github.com/weizn11/MS17010_AllInOne\n- https://github.com/TeskeVirtualSystem/MS17010Test\n\n## office exploit\n\n- https://github.com/rxwx/CVE-2017-8570\n\n## flash exploit\n\n- https://github.com/brianwrf/CVE-2017-4878-Samples\n\n## sandbox escape\n\n- https://github.com/SilverMoonSecurity/SandboxEvasion\n- https://github.com/exAphex/SandboxEscape\n- https://github.com/Fel0ny/Sandbox-Detection\n- https://github.com/CheckPointSW/InviZzzible\n- https://github.com/MalwareTech/AppContainerSandbox\n- https://github.com/tyranid/IE11SandboxEscapes\n- https://github.com/649/Chrome-Sandbox-Exploit\n- https://github.com/google/sandbox-attacksurface-analysis-tools\n- https://github.com/conix-security/zer0m0n\n- https://github.com/iceb0y/windows-container\n- https://github.com/s7ephen/SandKit\n- https://github.com/D4Vinci/Dr0p1t-Framework\n- https://github.com/cryptolok/MorphAES\n- https://github.com/mtalbi/vm_escape\n- https://github.com/unamer/vmware_escape\n- https://github.com/erezto/lua-sandbox-escape\n- https://github.com/brownbelt/Edge-sandbox-escape\n- https://github.com/shakenetwork/vmware_escape\n- https://github.com/Cr4sh/prl_guest_to_host\n\n## cve\n\n- https://github.com/LiuCan01/cve-list-pro\n- https://github.com/CVEProject/cvelist\n\n## hips\n- https://github.com/0xdabbad00/OpenHIPS\n- https://github.com/ExpLife/Norton_AntiVirus_SourceCode\n- https://github.com/majian55555/MJAntiVirusEngine\n- https://github.com/develbranch/TinyAntivirus\n- https://github.com/tandasat/EopMon\n- https://github.com/tandasat/MemoryMon\n\n## vt\n\n- https://github.com/marche147/IoctlMon\n- https://github.com/ionescu007/SimpleVisor\n- https://github.com/zer0mem/MiniHyperVisorProject\n- https://github.com/zer0mem/ShowMeYourGongFu\n- https://github.com/zer0mem/HyperVisor\n- https://github.com/marche147/SimpleVT\n- https://github.com/DarthTon/HyperBone\n- https://github.com/nick-kvmhv/splittlb\n- https://github.com/zareprj/Vmx_Prj\n- https://github.com/ZhuHuiBeiShaDiao/MiniVTx64\n- https://github.com/tandasat/HyperPlatform\n- https://github.com/hzqst/Syscall-Monitor\n- https://github.com/asamy/ksm\n- https://github.com/in12hacker/VT_64_EPT\n- https://github.com/ZhuHuiBeiShaDiao/PFHook\n- https://github.com/tandasat/FU_Hypervisor\n- https://github.com/tandasat/DdiMon\n- https://github.com/tandasat/GuardMon\n- https://github.com/yqsy/VT_demo\n- https://github.com/OkazakiNagisa/VTbasedDebuggerWin7\n- https://github.com/Ouroboros/JuusanKoubou\n- https://github.com/aaa1616/Hypervisor\n- https://github.com/Nukem9/VirtualDbg\n- https://github.com/Nukem9/VirtualDbgHide\n- https://github.com/cheat-engine/cheat-engine\n- https://github.com/Kelvinhack/kHypervisor\n\n## fuzzer\n\n- https://github.com/bee13oy/AV_Kernel_Vulns/tree/master/Zer0Con2017\n- https://github.com/k0keoyo/kDriver-Fuzzer (Paper:https://whereisk0shl.top/post/2018-01-30)\n- https://github.com/koutto/ioctlbf\n- https://github.com/Cr4sh/ioctlfuzzer\n- https://github.com/Cr4sh/MsFontsFuzz\n- https://github.com/hfiref0x/NtCall64\n- https://github.com/Rootkitsmm/Win32k-Fuzzer\n- https://github.com/mwrlabs/KernelFuzzer\n- https://github.com/SignalSEC/kirlangic-ttf-fuzzer\n- https://github.com/demi6od/Smashing_The_Browser\n- https://github.com/marche147/IoctlMon\n- https://github.com/k0keoyo/Some-Kernel-Fuzzing-Paper\n\n## emet\n\n- https://github.com/codingtest/EMET\n\n## hotpatch\n\n- https://github.com/codingtest/windows_hotpatch\n\n## game hack\n\n- https://github.com/DreamHacks/dreamdota\n- https://github.com/yoie/NGPlug-in\n- https://github.com/DevelopKits/proj\n- https://github.com/VideoCardGuy/ExpTool_GUI\n- https://github.com/VideoCardGuy/Zhihu_SimpleLog\n- https://github.com/VideoCardGuy/NewYuGiOh_CheatDLL_x64\n- https://github.com/VideoCardGuy/Tetris\n- https://github.com/VideoCardGuy/YuGiOh\n- https://github.com/VideoCardGuy/SnakeAI\n- https://github.com/VideoCardGuy/gitAsktao\n- https://github.com/VideoCardGuy/War3Cheat\n- https://github.com/VideoCardGuy/AStar_Study\n- https://github.com/VideoCardGuy/BnsChina_SetSpeed\n- https://github.com/VideoCardGuy/LOLProjects\n- https://github.com/VideoCardGuy/NewYuGiOh_CheatDLL_x64\n- https://github.com/VideoCardGuy/PictureMatchGame\n- https://github.com/VideoCardGuy/AutoLoginByBnsChina\n- https://github.com/VideoCardGuy/MemoryWatchTool\n- https://github.com/VideoCardGuy/LOL_China\n- https://github.com/mlghuskie/NoBastian\n- https://github.com/G-E-N-E-S-I-S/BattlegroundsChams\n- https://github.com/luciouskami/XignCode3Bypass\n- https://github.com/luciouskami/CS-GO-Simple-Hack\n- https://github.com/luciouskami/load-self-mix\n- https://github.com/Karaulov/WarcraftIII_DLL_126-127\n- https://github.com/TonyZesto/PubgPrivXcode85\n- https://github.com/luciouskami/gameguard-for-war3\n- https://github.com/PopcornEgg/LOLChangeSkin\n- https://github.com/ValveSoftware/ToGL\n- https://github.com/Karaulov/War3-SizeLimit-Bypass\n- https://github.com/F7eak/Xenon\n- https://github.com/syj2010syj/All-Star-Battle-2\n\n## symbolic execution\n\n- https://github.com/illera88/Ponce\n- https://github.com/gaasedelen/lighthouse\n\n## deobfuscation\n\n- https://github.com/SCUBSRGroup/OLLVM_Deobfuscation\n\n## taint analyse\n\n- https://github.com/SCUBSRGroup/Taint-Analyse\n\n## bin diff\n\n- https://www.zynamics.com/bindiff.html\n- https://github.com/joxeankoret/diaphora\n- https://github.com/ExpLife/binarydiffer\n- https://github.com/ExpLife/patchdiff2_ida6\n- https://github.com/ExpLife/patchdiff2\n\n## x64dbg plugin\n\n- https://github.com/mrexodia/TitanHide\n- https://github.com/x64dbg/InterObfu\n- https://github.com/x64dbg/ScyllaHide\n- https://github.com/Nukem9/SwissArmyKnife\n- https://github.com/x64dbg/x64dbg/wiki/Plugins\n\n## windbg plugin\n\n- https://github.com/VincentSe/WatchTrees\n\n## ida script \u0026 plugin\n\n- https://github.com/mwrlabs/win_driver_plugin\n- https://github.com/igogo-x86/HexRaysPyTools\n- https://github.com/techbliss/Python_editor\n- https://github.com/tmr232/Sark\n- http://sark.readthedocs.io/en/latest/debugging.html\n- https://bbs.pediy.com/thread-224627.htm (wing debugging idapython script)\n\n## rpc\n\n- https://github.com/gentilkiwi/basic_rpc\n\n## hash dump\n\n- https://github.com/gentilkiwi/mimikatz\n\n##  auxiliary lib\n\n- https://github.com/David-Reguera-Garcia-Dreg/auxlib\n\n## ring3 nt api\n\n- https://github.com/Chuyu-Team/NativeLib\n\n## dll hijack\n\n- https://github.com/strivexjun/AheadLib-x86-x64\n\n## winpcap\n\n- https://github.com/klemenb/fiddly\n- http://blog.csdn.net/Ni9htMar3/article/details/54612394\n- https://www.cnblogs.com/xcj26/articles/6073411.html\n- http://www.freebuf.com/articles/system/103526.html\n- https://github.com/illahaha/zxarps (arpcheat)\n- https://github.com/sincoder/zxarps (arpcheat)\n\n## metasploit\n\n- https://github.com/NytroRST/NetRipper\n- https://github.com/breenmachine/RottenPotatoNG\n\n## shadow\n\n- https://github.com/lcxl/lcxl-shadow\n\n## http\n\n- https://github.com/OlehKulykov/libnhr\n- https://github.com/erickutcher/httpdownloader\n\n## https proxy\n\n- https://github.com/killbug2004/HttpsProxy\n- https://github.com/erickutcher/httpproxy\n\n## mitm\n\n- https://github.com/liuyufei/SSLKiller\n- http://blog.csdn.net/Tencent_Bugly/article/details/72626127\n- https://github.com/pfussell/pivotal\n\n## json\n\n- https://github.com/marcusbotacin/MyJSON\n\n## awesome\n\n- https://github.com/sam-b/windows_kernel_resources\n- https://github.com/EbookFoundation/free-programming-books\n- https://github.com/justjavac/free-programming-books-zh_CN\n- https://github.com/rmusser01/Infosec_Reference/\n- https://github.com/jshaw87/Cheatsheets\n- https://github.com/RPISEC/MBE\n\n## windows Driver Kit ddi (device driver interface) documentation\n\n- https://docs.microsoft.com/zh-cn/windows-hardware/drivers/ddi/\n- https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/windbg-scripting-preview\n\n## windbg preview \u0026 jsprovider\n\n- http://doar-e.github.io/blog/2017/12/01/debugger-data-model/\n\n## vm\n\n- https://github.com/tboox/vm86\n\n## tools\n\n- http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/\n\n## nsa security tools\n\n- https://github.com/exploitx3/FUZZBUNCH\n- https://github.com/fuzzbunch/fuzzbunch\n- https://github.com/peterpt/fuzzbunch\n\n## apt\n\n- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections\n- https://github.com/kbandla/APTnotes\n- https://attack.mitre.org/wiki/Groups\n- https://github.com/fdiskyou/threat-INTel\n\n## 3rd party library\n\n- https://github.com/GiovanniDicanio/WinReg\n- https://github.com/GiovanniDicanio/StopwatchWin32\n- https://github.com/Wintellect/ProcMonDebugOutput\n- https://github.com/GiovanniDicanio/ReadStringsFromRegistry\n- https://github.com/GiovanniDicanio/Utf8ConvAtlStl\n- https://github.com/GiovanniDicanio/StringPool\n- https://github.com/GiovanniDicanio/MapWithCaseInsensitiveStringKey\n- https://github.com/GiovanniDicanio/SafeArraySamples\n- https://github.com/GiovanniDicanio/TestSSO\n- https://github.com/GiovanniDicanio/DoubleNulTerminatedString\n- https://github.com/GiovanniDicanio/LoadingCedictBenchmarkCpp\n- https://github.com/GiovanniDicanio/TestStringSorting\n- https://github.com/GiovanniDicanio/UnicodeConversions\n- https://github.com/GiovanniDicanio/TestStringsAtlVsStl\n- https://github.com/GiovanniDicanio/UnicodeConversionAtl\n- https://github.com/GiovanniDicanio/StlVectorVsListPerformance\n\n## miscellaneous\n\n- https://github.com/gaozan198912/myproject\n- https://github.com/k0keoyo/ntoskrnl-symbol-pdb-and-undocument-structures\n- https://github.com/gentilkiwi/p11proxy\n- https://github.com/gentilkiwi/kekeo\n- https://github.com/ExpLife/ByPassCfg\n- https://github.com/hfiref0x/SXSEXP\n- https://github.com/hfiref0x/VBoxHardenedLoader\n- https://github.com/hfiref0x/SyscallTables\n- https://github.com/hfiref0x/WinObjEx64\n- https://github.com/Cr4sh/DbgCb\n- https://github.com/Cr4sh/s6_pcie_microblaze\n- https://github.com/ionescu007/SpecuCheck\n- https://github.com/ionescu007/lxss\n- https://github.com/intel/haxm\n- https://github.com/akayn/Resources\n- https://github.com/DarthTon/SecureEraseWin\n- https://github.com/DarthTon/Xenos\n- https://github.com/hfiref0x/UACME\n- https://github.com/DarthTon/Blackbone\n- https://github.com/tinysec/windows-syscall-table\n- https://github.com/tinysec/jsrt\n- https://github.com/zodiacon/DriverMon\n- https://github.com/zodiacon/GflagsX\n- https://github.com/zodiacon/PEExplorer\n- https://github.com/zodiacon/KernelExplorer\n- https://github.com/zodiacon/AllTools\n- https://github.com/zodiacon/WindowsInternals\n- https://github.com/hackedteam/vector-silent\n- https://github.com/hackedteam/core-packer\n- https://github.com/hackedteam/vector-recover\n- https://github.com/k33nteam/cc-shellcoding\n- https://github.com/rwfpl/rewolf-wow64ext\n- https://github.com/rwfpl/rewolf-x86-virtualizer\n- https://github.com/rwfpl/rewolf-gogogadget\n- https://github.com/rwfpl/rewolf-dllpackager\n- https://github.com/Microsoft/ChakraCore\n- https://github.com/google/symboliclink-testing-tools\n- https://github.com/ptresearch/IntelME-JTAG\n- https://github.com/smourier/TraceSpy\n- https://github.com/G-E-N-E-S-I-S/tasklist-brutus\n- https://github.com/G-E-N-E-S-I-S/token_manipulation\n- https://github.com/jjzhang166/sdk\n- https://github.com/killswitch-GUI/HotLoad-Driver\n- https://github.com/killswitch-GUI/minidump-lib\n- https://github.com/killswitch-GUI/win32-named-pipes-example\n- https://github.com/Kelvinhack/ScreenCapAttack\n- https://github.com/tyranid/oleviewdotnet\n- https://github.com/tyranid/CANAPE.Core\n- https://github.com/tyranid/DotNetToJScript\n\n## slides\n\n- https://keenlab.tencent.com/zh\n\n## blogs\n\n- http://www.diting0x.com/\n- http://lotabout.me/archives/ (write a c interpreter)\n- http://2997ms.com/2016/10/09/2016/2016-9%E6%9C%88-%E5%90%AD%E5%93%A7%E5%92%94%E5%93%A7/\n- http://www.trueai.cn/\n- https://whereisk0shl.top\n- https://www.anquanke.com/post/id/97245\n- https://lifeinhex.com\n- https://vallejo.cc/2017/11/18/installation-and-first-contact-with-the-new-windbg/\n- http://www.vxjump.net/\n- https://channel9.msdn.com/Shows/Defrag-Tools\n- http://windbg.info/\n- http://windbg.org/\n- https://msdn.microsoft.com/en-us/library/windows/hardware/ff553217(v=vs.85).aspx\n- http://www.andreybazhan.com/\n- https://blogs.technet.microsoft.com/markrussinovich/\n- http://undocumented.ntinternals.net/\n- http://j00ru.vexillium.org/\n- https://sysprogs.com/\n- http://www.rohitab.com/\n- https://sww-it.ru/\n- http://blogs.microsoft.co.il/pavely/\n- https://www.corelan.be/\n- http://tombkeeper.blog.techweb.com.cn/\n- http://www.zer0mem.sk/\n- http://blog.rewolf.pl/blog/\n- http://www.alex-ionescu.com/\n- http://blog.cr4.sh/\n- https://rootkits.xyz/\n- https://ixyzero.com/blog/archives/3543.html\n- https://whereisk0shl.top/\n- http://www.triplefault.io/2017/09/enumerating-process-thread-and-image.html\n- http://doar-e.github.io/blog/2017/12/01/debugger-data-model/\n- https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugging-using-windbg-preview\n- https://blog.xpnsec.com/\n- https://www.fireeye.com/blog/threat-research/2018/01/simplifying-graphs-in-ida.html\n- http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/\n- http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation\n\n## web security research site\n\n- https://www.sec-wiki.com\n- https://www.anquanke.com/\n- http://xuanwulab.github.io/cn/secnews/2018/02/08/index.html\n- http://www.vxjump.net/\n- https://www.pediy.com/\n- https://navisec.it/\n\n## development documents\n\n- http://devdocs.io/\n- https://zealdocs.org/\n\n## docker\n\n- http://dockone.io/search/q-RG9ja09uZeaKgOacr+WIhuS6qw==#articles\n\n## leaked source code \n\n- https://github.com/pustladi/Windows-2000\n- https://github.com/killbug2004/NT_4.0_SourceCode\n- https://github.com/pustladi/TrueCrypt-7.2\n- https://github.com/pustladi/MS-DOS-v.1.1\n- https://github.com/pustladi/MS-DOS-v.2.0\n\n## crypto api\n\n- https://github.com/maldevel/AES256\n- https://github.com/wbenny/mini-tor\n- https://github.com/wyrover/CryptoAPI-examples\n- https://github.com/fmuecke/CryptoApi\n- https://github.com/ViartX/CacheCrypto\n- https://github.com/Deerenaros/CryptoAPIWrapper\n- https://github.com/maldevel/SHA256\n- https://github.com/13g10n/crypto\n\n## ascii banner\n\n- http://www.network-science.de/ascii/\n- http://www.degraeve.com/img2txt.php\n\n## book code\n\n- https://github.com/yifengyou/32to64\n- https://github.com/elephantos/elephant\n- https://github.com/yifengyou/Android-software-security-and-reverse-analysis\n- https://github.com/yifengyou/Code-virtualization-and-automation-analysis\n- https://github.com/yifengyou/Software-protection-and-analysis-techniques---principles-and-practices\n- https://github.com/yifengyou/X86-assembly-language-from-real-mode-to-protection-mode\n","funding_links":[],"categories":["System"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhowknows%2Fawesome-windows-security-development","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhowknows%2Fawesome-windows-security-development","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhowknows%2Fawesome-windows-security-development/lists"}