0xAlexei / WindowsDefenderTools
Tools for instrumenting Windows Defender's mpengine.dll
☆271Updated 6 years ago
Related projects ⓘ
Alternatives and complementary repositories for WindowsDefenderTools
- Extract Windows Defender database from vdm files and unpack it☆425Updated 4 years ago
- Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.☆308Updated 7 months ago
- Dump of win32k POCs for bugs I've found☆370Updated 2 years ago
- ☆229Updated 7 years ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆579Updated 7 years ago
- Research on Windows Kernel Executive Callback Objects☆278Updated 4 years ago
- Driver Initial Reconnaissance Tool☆119Updated 4 years ago
- A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.☆421Updated 6 years ago
- This respository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System f…☆269Updated 4 years ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…☆216Updated last year
- FLARE Kernel Shellcode Loader☆176Updated 5 years ago
- Windows Kernel Drivers fuzzer☆295Updated 7 years ago
- ☆393Updated 7 years ago
- Universal Unhooking☆316Updated 6 years ago
- Process Doppelgänging☆154Updated 6 years ago
- Idapython script to carve binary for internal RPC structures☆214Updated 7 months ago
- Hyper-V Research is trendy now☆171Updated 6 months ago
- Quickly debug shellcode extracted during malware analysis☆562Updated last year
- An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security☆316Updated 7 years ago
- PoC exploiting Aligned Chunk Confusion on Windows kernel Segment Heap☆195Updated 4 years ago
- Toy scripts for playing with WinDbg JS API☆218Updated 4 months ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆204Updated 5 years ago
- Demos of various (also non standard) persistence methods used by malware☆218Updated last year
- Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code☆178Updated 4 years ago
- ☆107Updated 4 years ago
- A more stealthy variant of "DLL hollowing"☆337Updated 8 months ago
- This is a simple example and explanation of obfuscating API resolution via hashing☆228Updated 4 years ago
- Parsers for custom malware formats ("Funky malware formats")☆92Updated 2 years ago
- Windows RPC Python fuzzer☆155Updated 6 years ago
- Reverse engineered source code of the autochk rootkit☆196Updated 5 years ago