0x44F / WinKit
Windows 10 Kernel-mode rootkit
⭐31 · Updated 2 years ago
Alternatives and similar repositories for WinKit:
Users that are interested in WinKit are comparing it to the libraries listed below
- Process Hollowing demonstration & explanation ⭐35 · Updated 4 years ago
- A Bumblebee-inspired Crypter ⭐80 · Updated 2 years ago
- Collection of shellcode injection and execution techniques ⭐16 · Updated 3 years ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits ⭐28 · Updated 2 years ago
- Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules. ⭐19 · Updated 2 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis) ⭐25 · Updated 11 months ago
- Antivirus killer using ring-0 kernel driver. Antivirus processes will automatically close while the killer is running. ⭐6 · Updated 2 years ago
- Just another casual shellcode native loader ⭐24 · Updated 3 years ago
- Set the process mitigation policy for loading only Microsoft Modules, and block any userland 3rd party modules ⭐41 · Updated 2 years ago
- ⭐54 · Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one. ⭐69 · Updated last year
- A simple PE loader. ⭐26 · Updated 2 years ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler. ⭐31 · Updated 10 months ago
- A more advanced free and open .NET obfuscator using dnlib. ⭐10 · Updated 2 years ago
- C code to enable ETW tracing for Dotnet Assemblies ⭐31 · Updated 2 years ago
- using the gpu to hide your payload ⭐57 · Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods. ⭐35 · Updated 3 years ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys ⭐50 · Updated 2 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti… ⭐40 · Updated 3 years ago
- C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader. ⭐30 · Updated 3 years ago
- A very weird RAT ⭐19 · Updated 2 years ago
- ⭐12 · Updated 4 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR. ⭐39 · Updated 4 years ago
- Bypass UAC at any level by abusing the Task Scheduler and environment variables ⭐31 · Updated 3 years ago
- Listing UDP connections with remote address without sniffing. ⭐29 · Updated last year
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation… ⭐26 · Updated last year
- API Hammering with C++20 ⭐46 · Updated 2 years ago
- Phantom DLL Hollowing method implemented in modmap ⭐17 · Updated 3 years ago
- Process Injection: APC Injection ⭐31 · Updated 4 years ago
- Change hash for a signed pe ⭐16 · Updated last year