Stars
An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedure Calls
Another unfinished doublepulsar RDP variant from years ago. Demonstrates hooking McsDispatch, never wrote the hook itself
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
Windows 10 PE image loader (LDR) NTDLL component toolbox
Tooling to generate metadata for Win32 APIs in the Windows SDK.
Small application that can be used to log loader snaps and other debug output
An old memory introspection framework from 2019.
Unlicensed tiny / small portable implementation of 128/256-bit AES encryption in C, x86, AMD64, ARM32 and ARM64 assembly
Enumerate various traits from Windows processes as an aid to threat hunting
A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
Autonomous pre-boot DMA attack hardware implant for M.2 slot based on PicoEVB development board
Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.