A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering
☆43Jun 10, 2025Updated 8 months ago
Alternatives and similar repositories for NtCreateLowBoxToken
Users that are interested in NtCreateLowBoxToken are comparing it to the libraries listed below
- Emulate Drivers in RING3 with self context mapping or unicorn☆21Jan 1, 2025Updated last year
- ☆12Mar 28, 2022Updated 3 years ago
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆334Mar 6, 2025Updated 11 months ago
- ☆33Jan 23, 2025Updated last year
- ACL Viewer for Windows☆132May 4, 2025Updated 9 months ago
- Folder Or File Delete to Get System Shell on Current Session Desktop☆47Jan 14, 2025Updated last year
- Just tried, unusable☆51Oct 23, 2024Updated last year
- Generate a PDB file given the old PDB file and an address mapping☆52Aug 3, 2025Updated 6 months ago
- Some fixes for debugging Windows with WinDbg in EXDI mode☆21Aug 25, 2023Updated 2 years ago
- ☆21Jan 15, 2025Updated last year
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆36Dec 17, 2025Updated 2 months ago
- Remove WPP calls from hexrays decompiled code☆56Jan 31, 2026Updated last month
- Executes Read/Write process memory with `NtQueryCompositionSurfaceStatistics`☆23Feb 10, 2024Updated 2 years ago
- ☆22Oct 18, 2023Updated 2 years ago
- A basic Secure Virtual Machine hypervisor☆27Feb 25, 2021Updated 5 years ago
- A Proof-of-Concept implementation of Reflective DLL Injection (RDI) specifically for Windows on ARM64. Demonstrates PEB access via the x1…☆34May 30, 2025Updated 9 months ago
- XPN's RpcEnum but based on IDA instead of Ghidra☆21Aug 17, 2019Updated 6 years ago
- silence file system monitoring components by hooking their minifilters☆60Jan 31, 2024Updated 2 years ago
- WinAPI Hook to allow WinUI 3 running in UWP environment☆23Nov 7, 2023Updated 2 years ago
- ☆28Dec 17, 2025Updated 2 months ago
- anti-ransomware file-system filter☆69Sep 3, 2024Updated last year
- Escape macOS Sandbox using sharedfilelistd exploit☆63Jun 28, 2025Updated 8 months ago
- Yet another IDA Pro/Home plugin for deobfuscating stack strings☆120Jan 25, 2026Updated last month
- A set of LLVM and GCC based plugins that perform code obfuscation.☆139Oct 20, 2025Updated 4 months ago
- An example of a camera class (upper) filter driver for Windows.☆45Aug 13, 2025Updated 6 months ago
- POC for CVE-2023-29360☆12Aug 31, 2024Updated last year
- PoC exploiting Aligned Chunk Confusion on Windows kernel Segment Heap☆215Jul 2, 2020Updated 5 years ago
- Slides for COM Hijacking AV/EDR Talk on 38c3☆75Jan 3, 2025Updated last year
- Bypasses for Windows kernel callbacks PatchGuard protection☆44Aug 15, 2021Updated 4 years ago
- Using c++23 compile-time magic to produce obfuscated PIC strings and arrays.☆31Jun 5, 2024Updated last year
- Attack Active Directory Trusts with a single tool☆14Jan 15, 2025Updated last year
- Port of Mandiant ShellcodeHashes plugin from IDA to BinaryNinja☆11Jul 24, 2024Updated last year
- Development notes on a PoC for arbitrary code execution with a fileless payload in TypeFilterLevel.Low mode, an upgraded version of James Forshaw's .NET Remoting deserialization tool☆48Jan 23, 2025Updated last year
- High-level library for executable binary file analysis☆16Feb 13, 2017Updated 9 years ago
- Windows Kernel Security: Memory Integrity Verification with Disk Verification of ntoskrnl.exe☆15Mar 23, 2025Updated 11 months ago
- Panda - is a set of utilities used to research how PsExec encrypts its traffic.☆12Apr 20, 2021Updated 4 years ago
- ☆11Jun 24, 2024Updated last year
- Dumping LSASS Evaded Endpoint Security Solutions☆18Feb 15, 2025Updated last year
- A small experiment on assigning a process's threads a specific CPU and then blocking it with a high priority thread☆30Sep 24, 2025Updated 5 months ago