# awesome-windows-kernel-security-development

**Repository Path**: ExpLife/awesome-windows-kernel-security-development

## Basic Information

- **Project Name**: awesome-windows-kernel-security-development
- **Description**: awesome-windows-kernel-security-development
- **Primary Language**: Other
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 9
- **Forks**: 3
- **Created**: 2018-03-14
- **Last Updated**: 2021-01-27

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

![logo](https://ss2.bdstatic.com/70cFvnSh_Q1YnxGkpoWK1HF6hhy/it/u=2928049956,3976845960&fm=27&gp=0.jpg)

![Gitee license](https://img.shields.io/badge/license-MIT-blue.svg)

# `awesome-windows-kernel-security-development` :heart:

## boost

- https://github.com/zhllxt/asio2

## windows kernel driver with c++ runtime

- https://github.com/wjcsharp/Common
- https://github.com/ExpLife/DriverSTL
- https://github.com/sysprogs/BazisLib
- https://github.com/AmrThabet/winSRDF
- https://github.com/sidyhe/dxx
- https://github.com/zer0mem/libc
- https://github.com/eladraz/XDK
- https://github.com/vic4key/Cat-Driver
- https://github.com/AndrewGaspar/km-stl
- https://github.com/zer0mem/KernelProject
- https://github.com/zer0mem/miniCommon
- https://github.com/jackqk/mystudy
- https://github.com/yogendersolanki91/Kernel-Driver-Example

## dkom

- https://github.com/nbqofficial/HideDriver
- https://github.com/landhb/HideProcess
- https://github.com/tfairane/DKOM

## ssdt hook

- https://github.com/int0/ProcessIsolator
- https://github.com/mrexodia/TitanHide (x64dbg Plugin)-(DragonQuestHero Suggest)
- https://github.com/papadp/shd
- https://github.com/bronzeMe/SSDT_Hook_x64
- https://github.com/s18leoare/Hackshield-Driver-Bypass
- https://github.com/sincoder/hidedir
- https://github.com/wyrover/HKkernelDbg
- https://github.com/CherryZY/Process_Protect_Module
- https://github.com/weixu8/RegistryMonitor
- https://github.com/nmgwddj/Learn-Windows-Drivers

## eat/iat/object/irp/iat hook

- https://github.com/m0n0ph1/IAT-Hooking-Revisited
- https://github.com/xiaomagexiao/GameDll
- https://github.com/HollyDi/Ring0Hook
- https://github.com/mgeeky/prc_xchk
- https://github.com/tinysec/iathook

## inline hook

- https://github.com/tongzeyu/HookSysenter
- https://github.com/VideoCardGuy/HideProcessInTaskmgr
- https://github.com/MalwareTech/FstHook
- https://github.com/Menooker/FishHook
- https://github.com/G-E-N-E-S-I-S/latebros
- https://bbs.pediy.com/thread-214582.htm

## inject technique

- https://github.com/VideoCardGuy/X64Injector
- https://github.com/papadp/reflective-injection-detection (InjectFromMemory)
- https://github.com/psmitty7373/eif (InjectFromMemory)
- https://github.com/rokups/ReflectiveLdr (InjectFromMemory)
- https://github.com/BenjaminSoelberg/ReflectivePELoader (InjectFromMemory)
- https://github.com/NtRaiseHardError/Phage (InjectFromMemory)
- https://github.com/dismantl/ImprovedReflectiveDLLInjection (InjectFromMemory)
- https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher (InjectFromMemory)
- https://github.com/amishsecurity/paythepony (InjectFromMemory)
- https://github.com/deroko/activationcontexthook
- https://github.com/georgenicolaou/HeavenInjector
- https://github.com/tinysec/runwithdll
- https://github.com/NtOpcode/NT-APC-Injector
- https://github.com/caidongyun/WinCodeInjection
- https://github.com/countercept/doublepulsar-usermode-injector
- https://github.com/mq1n/DLLThreadInjectionDetector
- https://github.com/hkhk366/Memory_Codes_Injection
- https://github.com/chango77747/ShellCodeInjector_MsBuild
- https://github.com/Zer0Mem0ry/ManualMap
- https://github.com/secrary/InfectPE
- https://github.com/zodiacon/DllInjectionWithThreadContext
- https://github.com/NtOpcode/RtlCreateUserThread-DLL-Injection
- https://github.com/hasherezade/chimera_loader
- https://github.com/Ciantic/RemoteThreader
- https://github.com/OlSut/Kinject-x64
- https://github.com/tandasat/RemoteWriteMonitor
- https://github.com/stormshield/Beholder-Win32
- https://github.com/secrary/InjectProc
- https://github.com/AzureGreen/InjectCollection
- https://github.com/uItra/Injectora
- https://github.com/rootm0s/Injectors
- https://github.com/Spajed/processrefund
- https://github.com/al-homedawy/InjecTOR
- https://github.com/yifiHeaven/MagicWall

## anti dll inject

- https://github.com/ExpLife/BotKiller

## load Dll from memory

- https://github.com/fancycode/MemoryModule
- https://github.com/strivexjun/MemoryModulePP

## anti dll hijack

- https://github.com/fortiguard-lion/anti-dll-hijacking

## process hollowing

- https://github.com/m0n0ph1/Basic-File-Crypter
- https://github.com/Spajed/processrefund
- https://github.com/KernelMode/Process_Doppelganging
- https://github.com/hasherezade/process_doppelganging
- https://github.com/m0n0ph1/Process-Hollowing
- https://github.com/KernelMode/RunPE-ProcessHollowing
- https://github.com/KernelMode/RunPE_Detecter

## pe loader

- https://github.com/FrankStain/pe-loader
- https://github.com/VideoCardGuy/PELoader

## dll to shellcode

- https://github.com/w1nds/dll2shellcode

## hide & delete dll

- https://github.com/wyyqyl/HideModule

## load driver from memory

- https://github.com/Professor-plum/Reflective-Driver-Loader

## hook engine

- https://github.com/DominicTobias/detourxs
- https://github.com/Ilyatk/HookEngine
- https://github.com/zyantific/zyan-hook-engine
- https://github.com/martona/mhook
- https://github.com/EasyHook/EasyHook
- https://github.com/RelicOfTesla/Detours

## callback

- https://github.com/JKornev/hidden
- https://github.com/binbibi/CallbackEx
- https://github.com/swwwolf/cbtest
- https://github.com/nmgwddj/Learn-Windows-Drivers
- https://github.com/SamLarenN/CallbackDisabler

## minifilter

- https://github.com/aleksk/LazyCopy
- https://github.com/guidoreina/minivers
- https://github.com/idkwim/mfd
- https://github.com/Coxious/Antinvader
- https://github.com/tandasat/Scavenger
- https://github.com/fishfly/X70FSD
- https://github.com/ExpLife/BKAV.Filter

## virtual disk

- https://github.com/zhaozhongshu/winvblock_vs
- https://github.com/yogendersolanki91/Kernel-Driver-Example

## virtual file system

- https://github.com/ExpLife/CodeUMVFS
- https://github.com/yogendersolanki91/ProcessFileSystem
- https://github.com/BenjaminKim/dokanx

## lpc

- https://github.com/avalon1610/LPC

## alpc

- https://github.com/avalon1610/ALPC

## lsp

- https://github.com/AnwarMohamed/Packetyzer

## afd

- https://github.com/reinhardvz/afdmjhk
- https://github.com/xiaomagexiao/GameDll
- https://github.com/DeDf/afd
- https://github.com/a252293079/NProxy

## tdi

- https://github.com/Sha0/winvblock
- https://github.com/michael4338/TDI
- https://github.com/cullengao/tdi_monitor
- https://github.com/uniking/TDI-Demo
- https://github.com/codereba/netmon

## wfp

- https://github.com/reinhardvz/enumwfp
- https://github.com/ss-abramchuk/OpenVPNAdapter/blob/f016614ed3dec30672e4f1821344b7992825a98d/OpenVPN%20Adapter/Vendors/openvpn/openvpn/tun/win/wfp.hpp
- https://github.com/itari/vapu
- https://github.com/basil00/Divert
- https://github.com/WPO-Foundation/win-shaper
- https://github.com/raymon-tian/WFPFirewall
- https://github.com/killbug2004/HashFilter
- https://github.com/henrypp/simplewall
- https://docs.microsoft.com/zh-cn/windows-hardware/drivers/network/porting-packet-processing-drivers-and-apps-to-wfp
- https://github.com/thecybermind/ipredir

## ndis

- https://github.com/pr0v3rbs/MalSiteBlocker
- https://github.com/Beamer-LB/netmap/tree/stable/WINDOWS
- https://github.com/ndemarinis/ovs/tree/22a1ba42f8137cd3532b54880b19b51d4b87440d/datapath-windows/ovsext
- https://github.com/markjandrews/CodeMachineCourse/tree/5473d4ea808791c2a048f2c8c9c86f011a6da5e8/source/kerrkt.labs/labs/NdisLwf
- https://github.com/openthread/openthread/tree/master/examples/drivers/windows
- https://github.com/Hartigan/Firewall
- https://github.com/zy520321/ndis-filter
- https://github.com/yuanmaomao/NDIS_Firewall
- https://github.com/SoftEtherVPN/Win10Pcap
- https://github.com/IsoGrid/NdisProtocol
- https://github.com/lcxl/lcxl-net-loader
- https://www.ntkernel.com/windows-packet-filter/
- https://github.com/michael4338/NDIS
- https://github.com/IAmAnubhavSaini/ndislwf
- https://github.com/OpenVPN/tap-windows6
- https://github.com/SageAxcess/pcap-ndis6
- https://github.com/uniking/NDIS-Demo
- https://github.com/mkdym/NDISDriverInst
- https://github.com/debugfan/packetprot
- https://github.com/Iamgublin/NDIS6.30-NetMonitor
- https://github.com/nmap/npcap
- https://github.com/Ltangjian/FireWall
- https://github.com/Microsoft/Windows-driver-samples/tree/master/network/config/bindview
- https://github.com/brorica/http_inject (winpcap)

## wsk

- https://github.com/reinhardvz/wsk
- https://github.com/akayn/kbMon
- https://github.com/02strich/audionet
- https://github.com/mestefy/securityplus
- https://github.com/skycipher/CNGProvider

## rootkits

- https://github.com/bfosterjr/ci_mod
- https://github.com/HoShiMin/EnjoyTheRing0
- https://github.com/hfiref0x/ZeroAccess
- https://github.com/hackedteam/driver-win32
- https://github.com/hackedteam/driver-win64
- https://github.com/csurage/Rootkit
- https://github.com/bowlofstew/rootkit.com
- https://github.com/Nervous/GreenKit-Rootkit
- https://github.com/bytecode-77/r77-rootkit
- https://github.com/Cr4sh/WindowsRegistryRootkit
- https://github.com/Alifcccccc/Windows-Rootkits
- https://github.com/Schnocker/NoEye
- https://github.com/christian-roggia/open-myrtus
- https://github.com/Cr4sh/DrvHide-PoC
- https://github.com/mstefanowich/SquiddlyDiddly2
- https://github.com/MalwareTech/FakeMBR
- https://github.com/Cr4sh/PTBypass-PoC
- https://github.com/psaneme/Kung-Fu-Malware
- https://github.com/hasherezade/persistence_demos
- https://github.com/MinhasKamal/TrojanCockroach
- https://github.com/akayn/kbMon

## mbr

- https://github.com/Cisco-Talos/MBRFilter

## bootkits

- https://github.com/DeviceObject/rk2017
- https://github.com/DeviceObject/ChangeDiskSector
- https://github.com/DeviceObject/Uefi_HelloWorld
- https://github.com/DeviceObject/ShitDrv
- https://github.com/DeviceObject/DarkCloud
- https://github.com/nyx0/Rovnix
- https://github.com/MalwareTech/TinyXPB
- https://github.com/m0n0ph1/Win64-Rovnix-VBR-Bootkit
- https://github.com/NextSecurity/Gozi-MBR-rootkit
- https://github.com/NextSecurity/vector-edk
- https://github.com/ahixon/booty

## uefi/smm

- https://github.com/AaLl86/retroware
- https://github.com/DeviceObject/Uefi_HelloWorld
- https://github.com/LongSoft/UEFITool
- https://github.com/dude719/UEFI-Bootkit
- https://github.com/quarkslab/dreamboot
- https://github.com/gyje/BIOS_Rootkit
- https://github.com/scumjr/the-sea-watcher
- https://github.com/zhuyue1314/stoned-UEFI-bootkit
- https://github.com/hackedteam/vector-edk
- https://github.com/Cr4sh/SmmBackdoor
- https://github.com/Cr4sh/PeiBackdoor
- https://github.com/Cr4sh/fwexpl

## smc

- https://github.com/marcusbotacin/Self-Modifying-Code

## anti debug

- https://github.com/strivexjun/XAntiDebug
- https://github.com/marcusbotacin/Anti.Analysis
- https://github.com/LordNoteworthy/al-khaser
- https://github.com/eschweiler/ProReversing

## crypters

- https://github.com/m0n0ph1/FileCrypter
- https://github.com/iGh0st/Crypters

## malware

- https://github.com/mdsecactivebreach/SharpShooter
- https://github.com/mwsrc/XtremeRAT
- https://github.com/mwsrc/Schwarze-Sonne-RAT (delphi)
- https://github.com/Mr-Un1k0d3r/ThunderShell (powershell)
- https://github.com/DimChris0/LoRa
- https://github.com/marcusbotacin/Malware.Multicore
- https://github.com/bxlcity/malware
- https://github.com/grcasanova/SuperVirus
- https://github.com/hackedteam/core-win32
- https://github.com/hackedteam/scout-win
- https://github.com/hackedteam/vector-dropper

## malware analysis

- https://github.com/kevthehermit/RATDecoders
- https://github.com/marcusbotacin/Malware.Variants
- https://github.com/marcusbotacin/Hardware-Assisted-AV
- https://github.com/gentilkiwi/spectre_meltdown
- https://github.com/gentilkiwi/wanadecrypt
- https://github.com/bloomer1016
- https://github.com/CHEF-KOCH/malware-research
- https://github.com/gentilkiwi/wanakiwi

## arktools

- https://github.com/AzureGreen/WinNT-Learning
- https://github.com/marcusbotacin/BranchMonitoringProject
- https://github.com/AzureGreen/ArkProtect
- https://github.com/AzureGreen/ArkToolDrv
- https://github.com/HollyDi/PCAssistant
- https://github.com/ChengChengCC/Ark-tools
- https://github.com/swatkat/arkitlib
- https://github.com/swwwolf/wdbgark
- https://github.com/zibility/Anti-Rootkits
- https://github.com/SLAUC91/AntiCheat
- https://github.com/sincoder/A-Protect
- https://github.com/apriorit/antirootkit-anti-splicer
- https://github.com/kedebug/ScDetective
- https://github.com/PKRoma/ProcessHacker
- https://github.com/AndreyBazhan/DbgExt
- https://github.com/comaeio/SwishDbgExt
- https://github.com/ExpLife/atomic-red-team
- https://github.com/shenghe/pcmanager
- https://github.com/lj1987new/guardlite
- https://github.com/hackshields/antivirus/
- https://github.com/AntiRootkit/BDArkit

## bypass patchguard

- https://github.com/hfiref0x/UPGDSED
- https://github.com/tandasat/PgResarch
- https://github.com/killvxk/DisableWin10PatchguardPoc
- https://github.com/tandasat/findpg
- https://github.com/zer0mem/HowToBoostPatchGuard
- https://bbs.pediy.com/thread-214582.htm

## bypass dse

- https://github.com/hfiref0x/TDL
- https://github.com/hfiref0x/DSEFix

## HackSysExtremeVulnerableDriver

- https://github.com/mgeeky/HEVD_Kernel_Exploit
- https://www.fuzzysecurity.com/tutorials.html
- https://rootkits.xyz/blog/
- https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
- https://github.com/k0keoyo/HEVD-Double-Free-PoC
- https://github.com/k0keoyo/HEVD-Arbitrary-Overwrite-Exploit-Win10-rs3
- https://github.com/tekwizz123/HEVD-Exploit-Solutions
- https://github.com/k0keoyo/try_exploit
- https://github.com/Cn33liz/HSEVD-VariousExploits
- https://github.com/Cn33liz/HSEVD-StackOverflow
- https://github.com/Cn33liz/HSEVD-StackOverflowX64
- https://github.com/Cn33liz/HSEVD-StackCookieBypass
- https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteGDI
- https://github.com/Cn33liz/HSEVD-StackOverflowGDI
- https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteLowIL
- https://github.com/Cn33liz/HSEVD-ArbitraryOverwrite
- https://github.com/akayn/demos

## windows kernel exploits

- https://github.com/JeremyFetiveau/Exploits
- https://github.com/hfiref0x/Stryker
- https://github.com/swwwolf/obderef
- https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS
- https://github.com/cbayet/PoolSprayer
- https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC
- https://github.com/k0keoyo/Driver-Loaded-PoC
- https://github.com/k0keoyo/try_exploit
- https://github.com/k0keoyo/CVE-2015-2546-Exploit
- https://github.com/k0keoyo/Dark_Composition_case_study_Integer_Overflow
- https://github.com/tinysec/vulnerability
- https://github.com/akayn/demos
- https://github.com/abatchy17/WindowsExploits
- https://github.com/recodeking/WindowsExploitation
- https://github.com/GDSSecurity/Windows-Exploit-Suggester
- https://github.com/rwfpl/rewolf-pcausa-exploit
- https://github.com/ratty3697/HackSpy-Trojan-Exploit
- https://github.com/SecWiki/windows-kernel-exploits
- https://github.com/sensepost/ms16-098
- https://github.com/shjalayeri/sysret
- https://github.com/sam-b/windows_kernel_resources
- https://github.com/sensepost/gdi-palettes-exp
- https://github.com/ExpLife/ByPassCfg
- https://github.com/Rootkitsmm/WinIo-Vidix
- https://github.com/andrewkabai/vulnwindrv
- https://github.com/mwrlabs/CVE-2016-7255
- https://github.com/MarkHC/HandleMaster
- https://github.com/SamLarenN/CapcomDKOM
- https://github.com/zerosum0x0/puppetstrings
- https://github.com/zerosum0x0/ShellcodeDriver
- https://github.com/progmboy/kernel_vul_poc
- https://github.com/rwfpl/rewolf-msi-exploit
- https://github.com/Rootkitsmm/Win10Pcap-Exploit
- https://github.com/Rootkitsmm/MS15-061
- https://github.com/Rootkitsmm/cve-2016-0040
- https://github.com/Rootkitsmm/CVEXX-XX
- https://github.com/Trietptm-on-Security/bug-free-adventure
- https://github.com/sam-b/CVE-2014-4113
- https://github.com/Rootkitsmm/OpenVpn-Pool-Overflow
- https://github.com/Rootkitsmm/UnThreatAVDriver-DOS
- https://github.com/Cr4sh/ThinkPwn
- https://github.com/hfiref0x/CVE-2015-1701
- https://github.com/tyranid/windows-logical-eop-workshop
- https://github.com/google/sandbox-attacksurface-analysis-tools
- https://github.com/tyranid/ExploitRemotingService
- https://github.com/tyranid/DeviceGuardBypasses
- https://github.com/tyranid/ExploitDotNetDCOM
- https://github.com/hatRiot/token-priv (EOP)
- https://github.com/weizn11/MS17010_AllInOne
- https://github.com/TeskeVirtualSystem/MS17010Test

## office exploit

- https://github.com/rxwx/CVE-2017-8570

## flash exploit

- https://github.com/brianwrf/CVE-2017-4878-Samples

## sandbox escape

- https://github.com/SilverMoonSecurity/SandboxEvasion
- https://github.com/exAphex/SandboxEscape
- https://github.com/Fel0ny/Sandbox-Detection
- https://github.com/CheckPointSW/InviZzzible
- https://github.com/MalwareTech/AppContainerSandbox
- https://github.com/tyranid/IE11SandboxEscapes
- https://github.com/649/Chrome-Sandbox-Exploit
- https://github.com/google/sandbox-attacksurface-analysis-tools
- https://github.com/conix-security/zer0m0n
- https://github.com/iceb0y/windows-container
- https://github.com/s7ephen/SandKit
- https://github.com/D4Vinci/Dr0p1t-Framework
- https://github.com/cryptolok/MorphAES
- https://github.com/mtalbi/vm_escape
- https://github.com/unamer/vmware_escape
- https://github.com/erezto/lua-sandbox-escape
- https://github.com/brownbelt/Edge-sandbox-escape
- https://github.com/shakenetwork/vmware_escape
- https://github.com/Cr4sh/prl_guest_to_host

## evasion technique

- https://github.com/JLospinoso/gargoyle

## cve

- https://github.com/LiuCan01/cve-list-pro
- https://github.com/CVEProject/cvelist

## hips

- https://github.com/0xdabbad00/OpenHIPS
- https://github.com/ExpLife/Norton_AntiVirus_SourceCode
- https://github.com/majian55555/MJAntiVirusEngine
- https://github.com/develbranch/TinyAntivirus
- https://github.com/tandasat/EopMon
- https://github.com/tandasat/MemoryMon

## vt

- https://github.com/marche147/IoctlMon
- https://github.com/ionescu007/SimpleVisor
- https://github.com/zer0mem/MiniHyperVisorProject
- https://github.com/zer0mem/ShowMeYourGongFu
- https://github.com/zer0mem/HyperVisor
- https://github.com/marche147/SimpleVT
- https://github.com/DarthTon/HyperBone
- https://github.com/nick-kvmhv/splittlb
- https://github.com/zareprj/Vmx_Prj
- https://github.com/ZhuHuiBeiShaDiao/MiniVTx64
- https://github.com/tandasat/HyperPlatform
- https://github.com/hzqst/Syscall-Monitor
- https://github.com/asamy/ksm
- https://github.com/in12hacker/VT_64_EPT
- https://github.com/ZhuHuiBeiShaDiao/PFHook
- https://github.com/tandasat/FU_Hypervisor
- https://github.com/tandasat/DdiMon
- https://github.com/tandasat/GuardMon
- https://github.com/yqsy/VT_demo
- https://github.com/OkazakiNagisa/VTbasedDebuggerWin7
- https://github.com/Ouroboros/JuusanKoubou
- https://github.com/aaa1616/Hypervisor
- https://github.com/Nukem9/VirtualDbg
- https://github.com/Nukem9/VirtualDbgHide
- https://github.com/cheat-engine/cheat-engine
- https://github.com/Kelvinhack/kHypervisor

## fuzzer

- https://github.com/bee13oy/AV_Kernel_Vulns/tree/master/Zer0Con2017
- https://github.com/k0keoyo/kDriver-Fuzzer (Paper: https://whereisk0shl.top/post/2018-01-30)
- https://github.com/koutto/ioctlbf
- https://github.com/Cr4sh/ioctlfuzzer
- https://github.com/Cr4sh/MsFontsFuzz
- https://github.com/hfiref0x/NtCall64
- https://github.com/Rootkitsmm/Win32k-Fuzzer
- https://github.com/mwrlabs/KernelFuzzer
- https://github.com/SignalSEC/kirlangic-ttf-fuzzer
- https://github.com/demi6od/Smashing_The_Browser
- https://github.com/marche147/IoctlMon
- https://github.com/k0keoyo/Some-Kernel-Fuzzing-Paper

## emet

- https://github.com/codingtest/EMET

## hotpatch

- https://github.com/codingtest/windows_hotpatch

## game hack

- https://github.com/cheat-engine/cheat-engine
- https://github.com/DreamHacks/dreamdota
- https://github.com/yoie/NGPlug-in
- https://github.com/DevelopKits/proj
- https://github.com/VideoCardGuy/ExpTool_GUI
- https://github.com/VideoCardGuy/Zhihu_SimpleLog
- https://github.com/VideoCardGuy/NewYuGiOh_CheatDLL_x64
- https://github.com/VideoCardGuy/Tetris
- https://github.com/VideoCardGuy/YuGiOh
- https://github.com/VideoCardGuy/SnakeAI
- https://github.com/VideoCardGuy/gitAsktao
- https://github.com/VideoCardGuy/War3Cheat
- https://github.com/VideoCardGuy/AStar_Study
- https://github.com/VideoCardGuy/BnsChina_SetSpeed
- https://github.com/VideoCardGuy/LOLProjects
- https://github.com/VideoCardGuy/PictureMatchGame
- https://github.com/VideoCardGuy/AutoLoginByBnsChina
- https://github.com/VideoCardGuy/MemoryWatchTool
- https://github.com/VideoCardGuy/LOL_China
- https://github.com/mlghuskie/NoBastian
- https://github.com/G-E-N-E-S-I-S/BattlegroundsChams
- https://github.com/luciouskami/XignCode3Bypass
- https://github.com/luciouskami/CS-GO-Simple-Hack
- https://github.com/luciouskami/load-self-mix
- https://github.com/Karaulov/WarcraftIII_DLL_126-127
- https://github.com/TonyZesto/PubgPrivXcode85
- https://github.com/luciouskami/gameguard-for-war3
- https://github.com/PopcornEgg/LOLChangeSkin
- https://github.com/ValveSoftware/ToGL
- https://github.com/Karaulov/War3-SizeLimit-Bypass
- https://github.com/F7eak/Xenon
- https://github.com/syj2010syj/All-Star-Battle-2

## software reverse

- https://github.com/stonedreamforest/re_avkmgr
- https://github.com/stonedreamforest/re_sysdiag

## symbolic execution

- https://github.com/illera88/Ponce
- https://github.com/gaasedelen/lighthouse

## deobfuscation

- https://github.com/mmyydd/relative-pattern
- https://github.com/SCUBSRGroup/OLLVM_Deobfuscation

## taint analysis

- https://github.com/airbus-seclab/bincat
- https://github.com/SCUBSRGroup/Taint-Analyse

## bin diff

- https://www.zynamics.com/bindiff.html
- https://github.com/joxeankoret/diaphora
- https://github.com/ExpLife/binarydiffer
- https://github.com/ExpLife/patchdiff2_ida6
- https://github.com/ExpLife/patchdiff2

## x64dbg plugin

- https://github.com/mrexodia/TitanHide
- https://github.com/x64dbg/InterObfu
- https://github.com/x64dbg/ScyllaHide
- https://github.com/Nukem9/SwissArmyKnife
- https://github.com/x64dbg/x64dbg/wiki/Plugins

## windbg plugin

- http://virtualkd.sysprogs.org/
- https://github.com/VincentSe/WatchTrees

## ida script & plugin

- https://github.com/mwrlabs/win_driver_plugin
- https://github.com/igogo-x86/HexRaysPyTools
- https://github.com/techbliss/Python_editor
- https://github.com/tmr232/Sark
- http://sark.readthedocs.io/en/latest/debugging.html
- https://bbs.pediy.com/thread-224627.htm (wing debugging idapython script)

## rpc

- https://github.com/gentilkiwi/basic_rpc

## wmi

- https://github.com/vinaypamnani/wmie2

## hash dump

- https://github.com/gentilkiwi/mimikatz

## auxiliary lib

- https://github.com/David-Reguera-Garcia-Dreg/auxlib

## ring3 nt api

- https://github.com/Chuyu-Team/NativeLib

## dll hijack

- https://github.com/strivexjun/AheadLib-x86-x64

## winpcap

- https://github.com/klemenb/fiddly
- http://blog.csdn.net/Ni9htMar3/article/details/54612394
- https://www.cnblogs.com/xcj26/articles/6073411.html
- http://www.freebuf.com/articles/system/103526.html
- https://github.com/illahaha/zxarps (arpcheat)
- https://github.com/sincoder/zxarps (arpcheat)

## metasploit

- https://github.com/ExpLife/metasploit-framework
- https://github.com/NytroRST/NetRipper
- https://github.com/breenmachine/RottenPotatoNG

## shadow

- https://github.com/lcxl/lcxl-shadow

## http

- https://github.com/OlehKulykov/libnhr
- https://github.com/erickutcher/httpdownloader

## https proxy

- https://github.com/killbug2004/HttpsProxy
- https://github.com/erickutcher/httpproxy

## capture packet

- https://github.com/seladb/PcapPlusPlus

## mitm

- https://github.com/liuyufei/SSLKiller
- http://blog.csdn.net/Tencent_Bugly/article/details/72626127
- https://github.com/pfussell/pivotal

## json

- https://github.com/marcusbotacin/MyJSON

## awesome

- https://github.com/sam-b/windows_kernel_resources
- https://github.com/EbookFoundation/free-programming-books
- https://github.com/justjavac/free-programming-books-zh_CN
- https://github.com/rmusser01/Infosec_Reference/
- https://github.com/jshaw87/Cheatsheets
- https://github.com/RPISEC/MBE

## windows Driver Kit ddi (device driver interface) documentation

- https://docs.microsoft.com/zh-cn/windows-hardware/drivers/ddi/
- https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/windbg-scripting-preview

## windbg preview & jsprovider

- http://doar-e.github.io/blog/2017/12/01/debugger-data-model/

## vm

- https://github.com/tboox/vm86

## tools

- http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/

## nsa security tools

- https://github.com/exploitx3/FUZZBUNCH
- https://github.com/fuzzbunch/fuzzbunch
- https://github.com/peterpt/fuzzbunch

## apt

- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
- https://github.com/kbandla/APTnotes
- https://attack.mitre.org/wiki/Groups
- https://github.com/fdiskyou/threat-INTel

## 3rd party library

- https://github.com/kingsamchen/WinAntHttp
- https://github.com/kingsamchen/KAdBlockEngine
- https://github.com/kingsamchen/KLog
- https://github.com/kingsamchen/Eureka
- https://zh-cn.libreoffice.org/
- https://github.com/GiovanniDicanio/WinReg
- https://github.com/GiovanniDicanio/StopwatchWin32
- https://github.com/Wintellect/ProcMonDebugOutput
- https://github.com/GiovanniDicanio/ReadStringsFromRegistry
- https://github.com/GiovanniDicanio/Utf8ConvAtlStl
- https://github.com/GiovanniDicanio/StringPool
- https://github.com/GiovanniDicanio/MapWithCaseInsensitiveStringKey
- https://github.com/GiovanniDicanio/SafeArraySamples
- https://github.com/GiovanniDicanio/TestSSO
- https://github.com/GiovanniDicanio/DoubleNulTerminatedString
- https://github.com/GiovanniDicanio/LoadingCedictBenchmarkCpp
- https://github.com/GiovanniDicanio/TestStringSorting
- https://github.com/GiovanniDicanio/UnicodeConversions
- https://github.com/GiovanniDicanio/TestStringsAtlVsStl
- https://github.com/GiovanniDicanio/UnicodeConversionAtl
- https://github.com/GiovanniDicanio/StlVectorVsListPerformance

## miscellaneous

- https://github.com/ExpLife/directntapi
- https://github.com/gaozan198912/myproject
- https://github.com/k0keoyo/ntoskrnl-symbol-pdb-and-undocument-structures
- https://github.com/gentilkiwi/p11proxy
- https://github.com/gentilkiwi/kekeo
- https://github.com/ExpLife/ByPassCfg
- https://github.com/hfiref0x/SXSEXP
- https://github.com/hfiref0x/VBoxHardenedLoader
- https://github.com/hfiref0x/SyscallTables
- https://github.com/hfiref0x/WinObjEx64
- https://github.com/Cr4sh/DbgCb
- https://github.com/Cr4sh/s6_pcie_microblaze
- https://github.com/ionescu007/SpecuCheck
- https://github.com/ionescu007/lxss
- https://github.com/intel/haxm
- https://github.com/akayn/Resources
- https://github.com/DarthTon/SecureEraseWin
- https://github.com/DarthTon/Xenos
- https://github.com/hfiref0x/UACME
- https://github.com/DarthTon/Blackbone
- https://github.com/tinysec/windows-syscall-table
- https://github.com/tinysec/jsrt
- https://github.com/zodiacon/DriverMon
- https://github.com/zodiacon/GflagsX
- https://github.com/zodiacon/PEExplorer
- https://github.com/zodiacon/KernelExplorer
- https://github.com/zodiacon/AllTools
- https://github.com/zodiacon/WindowsInternals
- https://github.com/hackedteam/vector-silent
- https://github.com/hackedteam/core-packer
- https://github.com/hackedteam/vector-recover
- https://github.com/k33nteam/cc-shellcoding
- https://github.com/rwfpl/rewolf-wow64ext
- https://github.com/rwfpl/rewolf-x86-virtualizer
- https://github.com/rwfpl/rewolf-gogogadget
- https://github.com/rwfpl/rewolf-dllpackager
- https://github.com/Microsoft/ChakraCore
- https://github.com/google/symboliclink-testing-tools
- https://github.com/ptresearch/IntelME-JTAG
- https://github.com/smourier/TraceSpy
- https://github.com/G-E-N-E-S-I-S/tasklist-brutus
- https://github.com/G-E-N-E-S-I-S/token_manipulation
- https://github.com/jjzhang166/sdk
- https://github.com/killswitch-GUI/HotLoad-Driver
- https://github.com/killswitch-GUI/minidump-lib
- https://github.com/killswitch-GUI/win32-named-pipes-example
- https://github.com/Kelvinhack/ScreenCapAttack
- https://github.com/tyranid/oleviewdotnet
- https://github.com/tyranid/CANAPE.Core
- https://github.com/tyranid/DotNetToJScript

## slides

- https://keenlab.tencent.com/zh

## blogs

- https://b33t1e.github.io/2018/01/03/About-VMProtect/
- http://www.diting0x.com/
- http://lotabout.me/archives/ (write a c interpreter)
- http://2997ms.com/2016/10/09/2016/2016-9%E6%9C%88-%E5%90%AD%E5%93%A7%E5%92%94%E5%93%A7/
- http://www.trueai.cn/
- https://whereisk0shl.top
- https://www.anquanke.com/post/id/97245
- https://lifeinhex.com
- https://vallejo.cc/2017/11/18/installation-and-first-contact-with-the-new-windbg/
- http://www.vxjump.net/
- https://channel9.msdn.com/Shows/Defrag-Tools
- http://windbg.info/
- http://windbg.org/
- https://msdn.microsoft.com/en-us/library/windows/hardware/ff553217(v=vs.85).aspx
- http://www.andreybazhan.com/
- https://blogs.technet.microsoft.com/markrussinovich/
- http://undocumented.ntinternals.net/
- http://j00ru.vexillium.org/
- https://sysprogs.com/
- http://www.rohitab.com/
- https://sww-it.ru/
- http://blogs.microsoft.co.il/pavely/
- https://www.corelan.be/
- http://tombkeeper.blog.techweb.com.cn/
- http://www.zer0mem.sk/
- http://blog.rewolf.pl/blog/
- http://www.alex-ionescu.com/
- http://blog.cr4.sh/
- https://rootkits.xyz/
- https://ixyzero.com/blog/archives/3543.html
- https://whereisk0shl.top/
- http://www.triplefault.io/2017/09/enumerating-process-thread-and-image.html
- http://doar-e.github.io/blog/2017/12/01/debugger-data-model/
- https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugging-using-windbg-preview
- https://blog.xpnsec.com/
- https://www.fireeye.com/blog/threat-research/2018/01/simplifying-graphs-in-ida.html
- http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/
- http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation

## web security research site

- https://www.sec-wiki.com
- https://www.anquanke.com/
- http://xuanwulab.github.io/cn/secnews/2018/02/08/index.html
- http://www.vxjump.net/
- https://www.pediy.com/
- https://navisec.it/

## development documents

- http://devdocs.io/
- https://zealdocs.org/

## docker

- http://dockone.io/search/q-RG9ja09uZeaKgOacr+WIhuS6qw==#articles

## leaked source code

- https://github.com/misterch0c/shadowbroker (NSA)
- https://github.com/pustladi/Windows-2000
- https://github.com/killbug2004/NT_4.0_SourceCode
- https://github.com/pustladi/TrueCrypt-7.2
- https://github.com/pustladi/MS-DOS-v.1.1
- https://github.com/pustladi/MS-DOS-v.2.0

## crypto api

- https://github.com/maldevel/AES256
- https://github.com/wbenny/mini-tor
- https://github.com/wyrover/CryptoAPI-examples
- https://github.com/fmuecke/CryptoApi
- https://github.com/ViartX/CacheCrypto
- https://github.com/Deerenaros/CryptoAPIWrapper
- https://github.com/maldevel/SHA256
- https://github.com/13g10n/crypto

## ascii banner

- http://www.network-science.de/ascii/
- http://www.degraeve.com/img2txt.php

## book code

- https://github.com/yifengyou/32to64
- https://github.com/elephantos/elephant
- https://github.com/yifengyou/Android-software-security-and-reverse-analysis
- https://github.com/yifengyou/Code-virtualization-and-automation-analysis
- https://github.com/yifengyou/Software-protection-and-analysis-techniques---principles-and-practices
- https://github.com/yifengyou/X86-assembly-language-from-real-mode-to-protection-mode