silence file system monitoring components by hooking their minifilters
☆60Jan 31, 2024Updated 2 years ago
Alternatives and similar repositories for MinifilterHook
Users that are interested in MinifilterHook are comparing it to the libraries listed below
Sorting:
- a windows kernel keylogger that works☆20Feb 12, 2024Updated 2 years ago
- filter driver to hide files and directories☆25Feb 12, 2024Updated 2 years ago
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys☆165Jun 14, 2024Updated last year
- Windows file system driver which allows to block access to files at run-time (C/C++, C#, WDK, SDK)☆13Jan 1, 2023Updated 3 years ago
- ☆11Jun 24, 2024Updated last year
- Freeze target threads (external - internal ) by avoiding SuspendThread detections. Or access registers from start address.☆35Mar 23, 2024Updated last year
- What makes it page☆17Aug 24, 2022Updated 3 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆36Nov 12, 2021Updated 4 years ago
- PoC kernel to usermode injection☆105Feb 26, 2024Updated 2 years ago
- 正确解析 _HEAP_VS_***符号 ,支持在最新win11 24h2 运行,替换windbg自带的!pool命令☆17Nov 30, 2024Updated last year
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.☆385Aug 8, 2021Updated 4 years ago
- ☆17Apr 18, 2023Updated 2 years ago
- just proof of concept. hooking MmCopyMemory PG safe.☆83Nov 13, 2023Updated 2 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆159Apr 13, 2023Updated 2 years ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- Proof of Concept Kernel-User Communication using System Thread.☆14Sep 24, 2023Updated 2 years ago
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- Protect a file from being deleted using windows kernel file system minifilter driver☆39Apr 2, 2021Updated 4 years ago
- Technion CS Ransomware Project: Writing Windows Mini-Filter Driver to protect PC from Ransomware☆37Feb 11, 2021Updated 5 years ago
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl…☆387Jan 29, 2022Updated 4 years ago
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.☆277Aug 25, 2023Updated 2 years ago
- An example of a camera class (upper) filter driver for Windows.☆45Aug 13, 2025Updated 6 months ago
- windows kernel pagehook☆42Oct 30, 2022Updated 3 years ago
- CVE-2022-3699 with arbitrary kernel code execution capability☆71Dec 27, 2022Updated 3 years ago
- Custom KiSystemStartup, can be used to modificate kernel before boot.☆53Apr 7, 2022Updated 3 years ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- manual map unsigned driver over signed memory☆221Apr 11, 2024Updated last year
- 将驱动映射到会话空间☆38Aug 27, 2022Updated 3 years ago
- Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode☆163Jul 31, 2022Updated 3 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 3 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- break link between dll and it file on disk☆12Sep 2, 2024Updated last year
- ☆47Jul 7, 2024Updated last year
- Just an example of a well-known technique to detect memory tampering via Windows Working Sets.☆18Jan 15, 2022Updated 4 years ago
- DUQU MALWARE SOURCE + BINARY + More coming☆12Feb 6, 2023Updated 3 years ago
- ☆33Dec 22, 2020Updated 5 years ago
- Windows NT port of 'Main is usually a function. So then when is it not?'☆27Mar 11, 2024Updated last year
- Kernel LdrLoadDll injector☆264Oct 6, 2018Updated 7 years ago