0mWindyBug / RansomGuard
anti-ransomware file-system filter
☆57Updated 6 months ago
Alternatives and similar repositories for RansomGuard:
Users that are interested in RansomGuard are comparing it to the libraries listed below
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆26Updated 2 years ago
- Finding Truth in the Shadows☆89Updated 2 years ago
- Example of building an application verifer DLL☆45Updated 9 months ago
- Remote Thread Detection with a Kernel Driver☆29Updated 2 months ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆56Updated 6 months ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆73Updated last year
- silence file system monitoring components by hooking their minifilters☆56Updated last year
- Simple example for getting started with eBPF for Windows☆43Updated last month
- ☆70Updated 2 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆51Updated 2 years ago
- PyKD DLLs for x86 and x64 platforms☆17Updated last year
- Report and exploit of CVE-2023-36427☆91Updated last year
- SetWinEventHook Sample☆46Updated last year
- A few examples of how to trap virtual memory access on Windows.☆28Updated 3 months ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system☆56Updated 3 years ago
- An x64dbg plugin which helps make sense of long C++ symbols☆59Updated last year
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆112Updated last year
- Different tools for Microsoft Hyper-V researching☆49Updated 9 months ago
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆34Updated 3 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 4 years ago
- ☆82Updated 9 months ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆114Updated 8 months ago
- ☆23Updated last year
- 2022 Updated Kernelmode-Code☆31Updated last year
- research revolving the windows filtering platform callout mechanism☆31Updated 10 months ago
- ☆25Updated 2 years ago
- Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book☆107Updated 8 months ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆47Updated this week
- IDA Pro plugin to aid with the analysis of native IIS modules☆18Updated 7 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆98Updated last year