0mWindyBug / RansomGuard
anti-ransomware file-system filter
☆48Updated 2 months ago
Related projects
Alternatives and complementary repositories for RansomGuard
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆49Updated last year
- Finding Truth in the Shadows☆84Updated last year
- ☆24Updated last year
- Example of building an application verifier DLL☆44Updated 5 months ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆100Updated last year
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11, based on NtCreateUserProcess-Post☆47Updated 2 months ago
- ☆38Updated last month
- C# implementation to produce ROR-13 numeric hash for given function API name☆31Updated 5 years ago
- ☆17Updated 3 years ago
- Enable / Disable LSA Protection via BYOVD☆62Updated 2 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆96Updated last year
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆33Updated 2 years ago
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆28Updated 2 years ago
- ☆82Updated 5 months ago
- Detours implementation (x64/x86) which used only ntdll import☆88Updated 5 months ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 3 years ago
- ☆27Updated 2 years ago
- Repository of Microsoft Driver Block Lists based off of OS-builds☆39Updated 7 months ago
- An x64dbg plugin which helps make sense of long C++ symbols☆59Updated last year
- Small tool to convert between the PE alignments (raw and virtual).☆81Updated last year
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆105Updated 2 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆111Updated 4 months ago
- Report and exploit of CVE-2023-36427☆87Updated last year
- ☆18Updated last year
- ☆65Updated last year
- PoC for the Untrusted Pointer Dereference in the appid.sys driver☆13Updated 7 months ago
- silence file system monitoring components by hooking their minifilters☆51Updated 9 months ago
- Local OXID Resolver (LCLOR) : Research and Tooling☆33Updated 3 years ago
- Inject unsigned DLL into Protected Process Light (PPL)☆13Updated last year
- research revolving the windows filtering platform callout mechanism☆22Updated 5 months ago