silence file system monitoring components by hooking their minifilters
☆62 · Jan 31, 2024 · Updated 2 years ago
Alternatives and similar repositories for MinifilterHook
Users that are interested in MinifilterHook are comparing it to the libraries listed below.
- filter driver to hide files and directories ☆26 · Feb 12, 2024 · Updated 2 years ago
- a windows kernel keylogger that works ☆20 · Feb 12, 2024 · Updated 2 years ago
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys ☆168 · Jun 14, 2024 · Updated last year
- Windows file system driver which allows blocking access to files at run-time (C/C++, C#, WDK, SDK) ☆13 · Jan 1, 2023 · Updated 3 years ago
- Correctly parses _HEAP_VS_*** symbols, supports running on the latest win11 24h2, replaces windbg's built-in !pool command ☆17 · Nov 30, 2024 · Updated last year
- Proof of Concept Kernel-User Communication using System Thread. ☆14 · Sep 24, 2023 · Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware) ☆36 · Nov 12, 2021 · Updated 4 years ago
- PoC kernel to usermode injection ☆114 · Feb 26, 2024 · Updated 2 years ago
- Just an example of a well-known technique to detect memory tampering via Windows Working Sets. ☆18 · Jan 15, 2022 · Updated 4 years ago
- Hooking Heavens Gate in a weekend ☆13 · Jan 1, 2022 · Updated 4 years ago
- Custom KiSystemStartup, can be used to modify the kernel before boot. ☆53 · Apr 7, 2022 · Updated 4 years ago
- DUQU MALWARE SOURCE + BINARY + More coming ☆14 · Feb 6, 2023 · Updated 3 years ago
- just proof of concept. hooking MmCopyMemory PG safe. ☆86 · Nov 13, 2023 · Updated 2 years ago
- Freeze target threads (external - internal) by avoiding SuspendThread detections. Or access registers from start address. ☆36 · Mar 23, 2024 · Updated 2 years ago
- ☆11 · Jun 24, 2024 · Updated last year
- ☆33 · Dec 22, 2020 · Updated 5 years ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR ☆21 · Feb 8, 2024 · Updated 2 years ago
- Self delete DLL (2) ☆14 · Feb 15, 2024 · Updated 2 years ago
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation. ☆285 · Mar 16, 2026 · Updated last month
- Technion CS Ransomware Project: Writing Windows Mini-Filter Driver to protect PC from Ransomware ☆37 · Feb 11, 2021 · Updated 5 years ago
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl… ☆398 · Jan 29, 2022 · Updated 4 years ago
- CVE-2022-3699 with arbitrary kernel code execution capability ☆71 · Dec 27, 2022 · Updated 3 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation ☆160 · Mar 16, 2026 · Updated last month
- Windows NT port of 'Main is usually a function. So then when is it not?' ☆27 · Mar 11, 2024 · Updated 2 years ago
- some AV / EDR / analysis studies ☆10 · May 21, 2023 · Updated 2 years ago
- windows kernel pagehook ☆42 · Oct 30, 2022 · Updated 3 years ago
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver. ☆394 · Aug 8, 2021 · Updated 4 years ago
- POC about how to prevent windbg break ☆15 · Oct 3, 2022 · Updated 3 years ago
- Map a driver into session space ☆39 · Aug 27, 2022 · Updated 3 years ago
- manual map unsigned driver over signed memory ☆225 · Apr 11, 2024 · Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF) ☆115 · May 21, 2023 · Updated 2 years ago
- ☆48 · Jul 7, 2024 · Updated last year
- Dangling COM Keys Finder ☆17 · Nov 16, 2021 · Updated 4 years ago
- ☆17 · Apr 18, 2023 · Updated 3 years ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver ☆52 · May 13, 2023 · Updated 2 years ago
- Experiment to use sections as User/Kernelmode comm vector ☆22 · Apr 7, 2023 · Updated 3 years ago
- Record & prevent file deletion in kernel mode ☆45 · Jul 22, 2020 · Updated 5 years ago
- What makes it page ☆17 · Aug 24, 2022 · Updated 3 years ago
- NTAPI hook bypass with (semi) legit stack trace ☆19 · May 9, 2023 · Updated 2 years ago