- C++ Tips of the Week
- C++那些事
- Modern C++ Tutorial
- C++11/14/17/20 On the Fly
- Awesome C++
- Windows API code snippets
- Google C++ Style Guide
- Google 開源專案 C++ 風格指南
- 360 安全规则集合
- craft::cpp
- m-peko/bitflags
- Bitmask Operators
- enum-flags
- Bit flags for C++11 scoped enums
- bitmask
- A generic implementation of the BitmaskType C++ concept
- nlohmann/json
- JSON for Modern C++
- simdjson/simdjson
- Parsing gigabytes of JSON per second
- cpp-httplib
- A C++ header-only HTTP/HTTPS server and client library
- cpr
- Curl for People, a spiritual port of Python Requests.
- oatpp
- Light and powerful C++ web framework
- imgui
- Bloat-free Graphical User interface for C++ with minimal dependencies
- memhunter
- Live hunting of code injection techniques
- pe-sieve
- Recognizes and dumps a variety of potentially malicious implants
- hollows hunter
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
- BLUESPAWN
- An Active Defense and EDR software to empower Blue Teams
- CobaltStrikeDetected
- 40行代码检测到大部分CobaltStrike的shellcode
- Blackbone
- Windows memory hacking library
- herpaderping
- bypasses security products by obscuring the intentions of a process
- pinjectra
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques
- PowerLoaderEx
- PowerLoaderEx - Advanced Code Injection Technique for x32 / x64
- FunctionStomping
- A new shellcode injection technique. Given as C++ header, standalone Rust program or library.
- MemLoader
- Run native PE or .NET executables entirely in-memory.
- donut
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, VBScript, JScript and runs them from memory with parameters.
- al-khaser
- Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
- gargoyle
- A memory scanning evasion technique
- anti-sandbox
- Windows对抗沙箱和虚拟机的方法总结
- makin
- reveal anti-debugging and anti-VM tricks
- obfusheader.h
- portable header file for C++14 compile-time obfuscation
- obfus.h
- Macro-header for compile-time C obfuscation (tcc, win x86/x64)
- Obfusk8
- lightweight Obfuscation library based on C++17 / Header Only for windows binaries
- wow64pp
- A modern c++ implementation of windows heavens gate
- SysWhispers
- AV/EDR evasion via direct system calls.
- SysWhispers2
- AV/EDR evasion via direct system calls.
- HWSyscalls
- execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP
- syscalls-cpp
- A modern C++20 header-only library for advanced direct system call invocation.
- CallObfuscator
- Obfuscate specific windows apis with different apis
- UnhookMe
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red Teams malware
- lazy_importer
- header only library to make the life of a reverse engineer much harder.
- inline_syscall
- Inline syscalls made easy for windows on clang
- RefleXXion
- bypassing user-mode hooks utilised by AV/EPP/EDR etc.
- InfinityHook
- Hook system calls, context switches, page faults and more.
- minhook
- The Minimalistic x86/x64 API Hooking Library for Windows
- Triton
- It provides internal components like a Dynamic Symbolic Execution (DSE) engine
- zasm
- x86-64 Assembler based on Zydis
- retdec
- RetDec is a retargetable machine-code decompiler based on LLVM.
- PinTools
- Pintool example and PoC for dynamic binary analysis
- libfuzzer
- Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
- pwn++
- pwn++ is a Windows & Linux library oriented for exploit dev but mostly used to play with modern C++ features
- LIEF
- Library to Instrument Executable Formats
- IIS-Raid
- A native backdoor module for Microsoft IIS
