Cr4sh / SmmBackdoorNg
Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks
☆354 · Nov 3, 2023 · Updated 2 years ago
Alternatives and similar repositories for SmmBackdoorNg
Users that are interested in SmmBackdoorNg are comparing it to the libraries listed below
- SMM rootkit similar to LoJax or MosaicRegressor ☆145 · Nov 1, 2023 · Updated 2 years ago
- ☆264 · Sep 2, 2025 · Updated 5 months ago
- alternative smm driver for ryzen motherboards ☆188 · Oct 12, 2024 · Updated last year
- Autonomous pre-boot DMA attack hardware implant for M.2 slot based on PicoEVB development board ☆101 · Oct 21, 2023 · Updated 2 years ago
- PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for li… ☆849 · May 20, 2024 · Updated last year
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆587 · Aug 2, 2025 · Updated 6 months ago
- First open source and publicly available System Management Mode backdoor for UEFI based platforms. Good as general purpose playground for… ☆629 · Oct 9, 2023 · Updated 2 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard ☆265 · Aug 31, 2022 · Updated 3 years ago
- ☆355 · May 11, 2025 · Updated 9 months ago
- Admin to Kernel code execution using the KSecDD driver ☆264 · Apr 19, 2024 · Updated last year
- PoC Implementation of a fully dynamic call stack spoofer ☆901 · Jul 20, 2024 · Updated last year
- UEFI and SMM Assessment Tool ☆213 · Nov 21, 2024 · Updated last year
- The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303… ☆144 · Mar 29, 2021 · Updated 4 years ago
- A small bootkit which does not rely on x64 assembly. ☆510 · Aug 29, 2019 · Updated 6 years ago
- HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper… ☆376 · Jun 3, 2023 · Updated 2 years ago
- Another UEFI runtime bootkit ☆36 · May 8, 2023 · Updated 2 years ago
- Load a dynamic library from memory by modifying the native Windows loader ☆282 · Jun 18, 2025 · Updated 7 months ago
- The Definitive Guide To Process Cloning on Windows ☆539 · Jan 3, 2024 · Updated 2 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation ☆159 · Apr 13, 2023 · Updated 2 years ago
- Using Windows' own bootloader as a shim to bypass Secure Boot ☆220 · Jul 17, 2024 · Updated last year
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. ☆243 · Sep 26, 2023 · Updated 2 years ago
- baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability ☆348 · Sep 27, 2023 · Updated 2 years ago
- PoCs for Kernelmode rootkit techniques research. ☆429 · Nov 4, 2025 · Updated 3 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆408 · Jan 11, 2026 · Updated last month
- For when DLLMain is the only way ☆423 · Oct 29, 2024 · Updated last year
- Implementation of Advanced Module Stomping and Heap/Stack Encryption ☆225 · Jul 25, 2023 · Updated 2 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds! ☆246 · Jul 9, 2024 · Updated last year
- Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus) ☆563 · Sep 12, 2023 · Updated 2 years ago
- ☆42 · Feb 18, 2025 · Updated 11 months ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard. ☆317 · Oct 13, 2024 · Updated last year
- Finding Truth in the Shadows ☆120 · Jan 26, 2023 · Updated 3 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut… ☆132 · Apr 26, 2023 · Updated 2 years ago
- ROP-based sleep obfuscation to evade memory scanners ☆375 · Jun 22, 2025 · Updated 7 months ago
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. ☆671 · Nov 9, 2023 · Updated 2 years ago
- Hooking Windows' exception dispatcher to protect process's PML4 ☆225 · Jan 24, 2025 · Updated last year
- Cobalt Strike UDRL for memory scanner evasion. ☆1,004 · Jun 4, 2024 · Updated last year
- uefi diskless persistence technique + OVMF secureboot bypass ☆95 · Apr 22, 2024 · Updated last year
- A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. ☆612 · Jan 2, 2025 · Updated last year
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆321 · Jan 17, 2024 · Updated 2 years ago