0x44F / WinKit
💻 Windows 10 Kernel-mode rootkit
⭐31 · Updated 2 years ago
Related projects
Alternatives and complementary repositories for WinKit
- API Hammering with C++20 ⭐34 · Updated 2 years ago
- Research of modifying exported function names at runtime (C/C++, Windows) ⭐16 · Updated 5 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis) ⭐24 · Updated 5 months ago
- A Bumblebee-inspired Crypter ⭐80 · Updated last year
- Just another casual shellcode native loader ⭐24 · Updated 2 years ago
- Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules. ⭐18 · Updated last year
- PoC arbitrary WPM without a process handle ⭐17 · Updated last year
- ⭐15 · Updated 3 years ago
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot ⭐59 · Updated last year
- a stage1 DLL loader with sleep obfuscation ⭐32 · Updated last year
- Collection of shellcode injection and execution techniques ⭐16 · Updated 3 years ago
- Antivirus killer using ring-0 kernel driver. Antivirus processes will automatically close while the killer is running. ⭐6 · Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one. ⭐69 · Updated last year
- using the gpu to hide your payload ⭐47 · Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods. ⭐35 · Updated 2 years ago
- Set the process mitigation policy for loading only Microsoft Modules, and block any userland 3rd party modules ⭐42 · Updated last year
- Process Hollowing demonstration & explanation ⭐32 · Updated 3 years ago
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation… ⭐22 · Updated last year
- using the Recycle Bin to ensure persistence ⭐11 · Updated 2 years ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader ⭐39 · Updated 11 months ago
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets ⭐25 · Updated 3 months ago
- 🛡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ⭐40 · Updated 8 months ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll ⭐32 · Updated last year
- Listing UDP connections with remote address without sniffing. ⭐30 · Updated last year
- Process Injection: APC Injection ⭐27 · Updated 3 years ago
- Reimplementation of the KExecDD DSE bypass technique. ⭐42 · Updated 2 months ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits ⭐28 · Updated 2 years ago
- An attempt at reversing WindowsDefender ⭐20 · Updated last month