3intermute / ramielLinks
uefi diskless persistence technique + OVMF secureboot bypass
☆80Updated last year
Alternatives and similar repositories for ramiel
Users that are interested in ramiel are comparing it to the libraries listed below
Sorting:
- bypassing intel txt's tboot integrity checks via coreboot shim☆67Updated 2 months ago
- All LLVM binaries scrambled with SigBreaker and used to test against llvm-lit☆16Updated 3 weeks ago
- ☆90Updated last year
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆245Updated 2 years ago
- Detours implementation (x64/x86) which used only ntdll import☆89Updated 11 months ago
- Hooking Windows' exception dispatcher to protect process's PML4☆174Updated 4 months ago
- Windows kernel debugger for Linux hosts running Windows under KVM/QEMU☆81Updated last week
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆121Updated 2 years ago
- A universal binary patching dll.☆89Updated 7 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆105Updated 2 years ago
- Finding Truth in the Shadows☆92Updated 2 years ago
- Report and exploit of CVE-2024-21305.☆34Updated last year
- Exploitable drivers, you know what I mean☆132Updated last year
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated 2 years ago
- x86-64 virtualizing obfuscator written in Rust☆77Updated last year
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆63Updated last month
- A set of LLVM and GCC based plugins that perform code obfuscation.☆123Updated 2 weeks ago
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.☆86Updated 7 months ago
- Abusing exceptions for code execution.☆111Updated 2 years ago
- A journal for $6,000 Riot Vanguard bounty.☆63Updated last year
- SMM UEFI module and client for UMD privilege escalation☆46Updated last week
- Makes IDA (most versions) to crash upon opening it.☆88Updated 9 months ago
- vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.☆92Updated 4 years ago
- The Windbg extensions to study Hyper-V on Intel and AMD processors.☆153Updated 2 months ago
- Another UEFI runtime bootkit☆30Updated 2 years ago
- ☆71Updated 2 years ago
- Using MMIO (Memory-Mapped I/O) to read TPM 2.0 public Endorsement Key.☆40Updated last year
- Exploit MsIo vulnerable driver☆104Updated 3 years ago
- Using Windows' own bootloader as a shim to bypass Secure Boot☆170Updated 10 months ago
- PoC Anti-Rootkit/Anti-Cheat Driver.☆197Updated last month