DanielAvinoam / WindowsKernelProgrammingBook
Projects I did during the reading of @zodiacon's Windows Kernel Programming book
☆10 · Updated 4 years ago
Alternatives and similar repositories for WindowsKernelProgrammingBook
Users that are interested in WindowsKernelProgrammingBook are comparing it to the libraries listed below
- the Open Source and Pure C++ Packer for eXecutables ☆21 · Updated 2 years ago
- ☆39 · Updated 2 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above. ☆56 · Updated 2 years ago
- Process Injection: APC Injection ☆33 · Updated 4 years ago
- A (quite) simple steganography algorithm to hide shellcodes within bitmap image. ☆21 · Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll ☆38 · Updated 2 years ago
- Yet another Windows DLL injector. ☆39 · Updated 3 years ago
- A Study in Obfuscation: Analyzing the effect of various techniques to bypass AV engines ☆42 · Updated 2 years ago
- A PoC tool for exploiting leaked process and thread handles ☆32 · Updated last year
- Disable the file and registry protection of malicious drivers ☆13 · Updated 3 years ago
- Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE) ☆21 · Updated 5 years ago
- Source files for my posts ☆17 · Updated 2 years ago
- ☆54 · Updated 2 years ago
- A kernel mode Windows rootkit in development. ☆49 · Updated 3 years ago
- ☆12 · Updated 2 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class ☆26 · Updated last year
- Read Memory without ReadProcessMemory for Current Process ☆76 · Updated 3 years ago
- ☆62 · Updated 3 years ago
- Enable / Disable LSA Protection via BYOVD ☆71 · Updated 3 years ago
- My try to implement a virtual CPU in C ☆19 · Updated last year
- Artemis - C++ Hell's Gate Syscall Implementation ☆33 · Updated last year
- Process doppelganging POC using direct system calls, PPID spoofing and dropbox as an external delivery channel for the payload. ☆16 · Updated 4 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries. ☆31 · Updated 3 years ago
- Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones. ☆28 · Updated 2 months ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping ☆59 · Updated 2 years ago
- Progress of learning kernel development ☆14 · Updated 2 years ago
- Demo to show how to write ALPC Client & Server using native Ntdll.dll syscalls. ☆21 · Updated 3 years ago
- A Practical example of ELAM (Early Launch Anti-Malware) ☆34 · Updated 3 years ago
- ☆32 · Updated last year
- EDR/AV Simulation for Malware Development ☆13 · Updated last year