AmitMoshel1 / PatchGuardEncryptorDriver
An improved version of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.
☆34 Updated this week
Alternatives and similar repositories for PatchGuardEncryptorDriver:
Users that are interested in PatchGuardEncryptorDriver are comparing it to the libraries listed below
- Finding Truth in the Shadows ☆89 Updated 2 years ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver ☆50 Updated last year
- Silence file system monitoring components by hooking their minifilters ☆56 Updated last year
- Compilable PoC of namazso's x64 return address spoofer. ☆51 Updated 4 years ago
- Next-gen process injection technique ☆45 Updated 4 years ago
- Proof-of-concept game using VBS enclaves to protect itself from cheating ☆39 Updated 4 months ago
- Generate a PDB file given the old PDB file and an address mapping ☆42 Updated 3 weeks ago
- A VMware logger using the built-in backdoor. ☆27 Updated 5 months ago
- Demonstrate calling a kernel function and handling a process creation callback against HVCI ☆51 Updated 2 years ago
- Example of building an application verifier DLL ☆45 Updated 10 months ago
- In-memory hiding technique ☆47 Updated 2 months ago
- Reimplementation of the KExecDD DSE bypass technique. ☆47 Updated 6 months ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1 ☆34 Updated 3 years ago
- Detours implementation (x64/x86) which uses only ntdll imports ☆90 Updated 9 months ago
- Sample/PoC Windows kernel driver for detecting DMA devices by using Vendor ID and Device ID signatures ☆33 Updated 6 months ago
- Research revolving around the Windows Filtering Platform callout mechanism ☆31 Updated 10 months ago
- A compact tool for detecting AV/EDR hooks in default Windows libraries. ☆31 Updated 2 years ago
- A demo module for the kaine agent to execute and inject assembly modules ☆38 Updated 7 months ago
- NtCreateUserProcess with CsrClientCallServer for mainstream Windows x64 versions ☆28 Updated 8 months ago
- A native Windows library for intercepting kernel-to-user transitions using instrumentation callbacks ☆17 Updated last year
- LPE exploit for CVE-2023-36802 ☆22 Updated last year
- Elevate arbitrary MSR writes to kernel execution. ☆33 Updated last year
- Research of modifying exported function names at runtime (C/C++, Windows) ☆17 Updated 10 months ago
- Set the process mitigation policy for loading only Microsoft modules, and block any userland 3rd party modules ☆41 Updated last year
- Stack spoofing ☆81 Updated 4 months ago