0x44F / WinKitLinks
π» Windows 10 Kernel-mode rootkit
β32Updated 3 years ago
Alternatives and similar repositories for WinKit
Users that are interested in WinKit are comparing it to the libraries listed below
Sorting:
- A Bumblebee-inspired Crypterβ78Updated 2 years ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderpingβ64Updated 3 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.β40Updated 4 years ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploitsβ31Updated 3 years ago
- Process Hollowing demonstration & explanationβ34Updated 4 years ago
- using the gpu to hide your payloadβ62Updated 3 years ago
- A repository filled with ideas to break/detect direct syscall techniquesβ27Updated 3 years ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sysβ50Updated 2 years ago
- Read Memory without ReadProcessMemory for Current Processβ89Updated 3 years ago
- Shellcodev is a tool designed to help and automate the process of shellcode creation.β111Updated 2 years ago
- β114Updated 3 years ago
- Piece of code to detect and remove hooks in IATβ65Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryptionβ90Updated 2 years ago
- Listing UDP connections with remote address without sniffing.β31Updated 2 years ago
- Process Injection: APC Injectionβ32Updated 4 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.β74Updated 4 years ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCrβ¦β63Updated last year
- Bypass UAC elevation on Windows 8 (build 9600) & above.β57Updated 3 years ago
- Simple and sane compression wrapper library.β18Updated 3 years ago
- Standalone Metasploit-like XOR encoder for shellcodeβ50Updated last year
- β39Updated 2 years ago
- β58Updated 2 years ago
- β65Updated 3 years ago
- β16Updated 4 years ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modulesβ42Updated 2 years ago
- Small PoC of using a Microsoft signed executable as a lolbin.β139Updated 2 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwrittiβ¦β40Updated 4 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections aβ¦β59Updated 3 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)β84Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.β36Updated 3 years ago