3intermute / ramiel
uefi diskless persistence technique + OVMF secureboot bypass
☆59Updated 11 months ago
Alternatives and similar repositories for ramiel:
Users that are interested in ramiel are comparing it to the libraries listed below
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆117Updated last year
- Report and exploit of CVE-2024-21305.☆35Updated last year
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆97Updated last year
- Abusing exceptions for code execution.☆109Updated 2 years ago
- ☆82Updated 9 months ago
- Integration of Microsoft Warbird with the MSVC compiler☆97Updated last year
- ☆70Updated 2 years ago
- A journal for $6,000 Riot Vanguard bounty.☆62Updated last year
- Windows kernel debugger for Linux hosts running Windows under KVM/QEMU☆70Updated 4 months ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated last year
- Makes IDA (most versions) to crash upon opening it.☆82Updated 6 months ago
- x86-64 virtualizing obfuscator written in Rust☆74Updated last year
- ☆45Updated last year
- Finding Truth in the Shadows☆89Updated 2 years ago
- Using MMIO (Memory-Mapped I/O) to read TPM 2.0 public Endorsement Key.☆42Updated 9 months ago
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆76Updated 7 months ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆131Updated 6 months ago
- vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.☆91Updated 3 years ago
- A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level …☆141Updated 2 years ago
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆39Updated 4 months ago
- ☆44Updated last month
- Detours implementation (x64/x86) which used only ntdll import☆90Updated 9 months ago
- Report and exploit of CVE-2023-36427☆91Updated last year
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆72Updated 3 years ago