3intermute / ramiel
uefi diskless persistence technique + OVMF secureboot bypass
☆52Updated 6 months ago
Related projects ⓘ
Alternatives and complementary repositories for ramiel
- Makes IDA (most versions) to crash upon opening it.☆62Updated 2 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆92Updated last year
- Detours implementation (x64/x86) which used only ntdll import☆88Updated 4 months ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated last year
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆114Updated 2 months ago
- ☆80Updated 5 months ago
- Finding Truth in the Shadows☆84Updated last year
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆106Updated last year
- ☆41Updated last year
- A journal for $6,000 Riot Vanguard bounty.☆57Updated last year
- Abusing exceptions for code execution.☆106Updated last year
- Research on obfuscated licensing APIs / CLIP service in the Windows kernel☆85Updated 2 years ago
- A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.☆85Updated last year
- vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.☆89Updated 3 years ago
- Integration of Microsoft Warbird with the MSVC compiler☆85Updated last year
- ☆65Updated last year
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆73Updated 3 months ago
- A universal binary patching dll.☆79Updated last month
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆236Updated 2 years ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆172Updated 2 weeks ago
- Me fockin' pe protector☆44Updated last year
- This x64dbg plugin allows you to upload your sample to Malcore and view the results.☆32Updated last year
- A kernel vulnerability used to achieve arbitrary read-write on Windows prior to July 2022☆105Updated last year
- Small tool to convert beteween the PE alignments (raw and virtual).☆81Updated last year
- PoC Anti-Rootkit/Anti-Cheat Driver.☆157Updated last month
- Fully working kernel-mode VAC bypass☆35Updated 2 weeks ago
- An x64dbg plugin which helps make sense of long C++ symbols☆59Updated last year
- The best theme for x64dbg!☆80Updated 2 years ago
- Code from process of reversing Sysinternals Suite for educational purposes, with videos to associate them☆48Updated last year
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆104Updated 2 years ago