AdamOron / PatchGuardBypass
Bypassing PatchGuard on modern x64 systems
☆258Updated 2 years ago
Alternatives and similar repositories for PatchGuardBypass:
Users that are interested in PatchGuardBypass are comparing it to the libraries listed below
- Load your driver like win32k.sys☆252Updated 2 years ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆179Updated last year
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆318Updated 2 years ago
- ☆280Updated 3 weeks ago
- PoC Anti-Rootkit/Anti-Cheat Driver.☆190Updated last week
- manual map unsigned driver over signed memory☆186Updated last year
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆212Updated 4 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆202Updated 3 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆120Updated 2 years ago
- Hooking Windows' exception dispatcher to protect process's PML4☆167Updated 3 months ago
- State of the art DLL injector that took 20 minutes to make☆214Updated last year
- Demo proof of concept for shadow regions, and implementation of HyperDeceit.☆275Updated last year
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.☆257Updated last year
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆198Updated 6 months ago
- Debugger Anti-Detection Benchmark☆332Updated last year
- Browse Page Tables on Windows (Page Table Viewer)☆198Updated 3 years ago
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.☆323Updated 3 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆245Updated 2 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆278Updated 6 months ago
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl…☆323Updated 3 years ago
- Windows Kernel inject (no module no thread)☆275Updated 2 years ago
- Kernel driver loader using vulnerable gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vu…☆241Updated 3 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated 2 years ago
- ☆200Updated 2 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆236Updated 3 years ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.☆143Updated 3 years ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆168Updated last year
- Using Windows' own bootloader as a shim to bypass Secure Boot☆169Updated 9 months ago
- Kernel LdrLoadDll injector☆260Updated 6 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆129Updated 3 years ago