Zerokit/GAPZ rootkit (non buildable and only for researching)
☆185Mar 30, 2019Updated 6 years ago
Alternatives and similar repositories for zerokit
Users that are interested in zerokit are comparing it to the libraries listed below
Sorting:
- Zerokit shared code☆17Mar 28, 2019Updated 6 years ago
- User-mode part of Zerokit platform☆22Mar 30, 2019Updated 6 years ago
- Analysis and Modification Tool for Executables☆17Mar 28, 2019Updated 6 years ago
- Public documents related to my talk "Bypass Windows Exploit Guard ASR" at Offensive Con 2019.☆94Feb 24, 2019Updated 7 years ago
- A tiny PoC to inject and execute code into explorer.exe with WM_SETTEXT+WM_COPYDATA+SetThreadContext☆53Apr 29, 2018Updated 7 years ago
- A novel technique to hide code from debuggers & disassemblers☆161Aug 9, 2024Updated last year
- exploit termdd.sys(support kb4499175)☆61Jul 15, 2019Updated 6 years ago
- Process reimaging proof of concept code☆97Jun 21, 2019Updated 6 years ago
- ANBU (Automatic New Binary Unpacker) a tool for me to learn about PIN and about algorithms for generic unpacking.☆91May 23, 2019Updated 6 years ago
- Simple library to handle PE files loading, relocating, get/set data, ..., in addition to process handling☆32Aug 7, 2019Updated 6 years ago
- AppXSvc Arbitrary File Security Descriptor Overwrite EoP☆20Sep 15, 2019Updated 6 years ago
- idenLib - Library Function Identification [This project is not maintained anymore]☆395Mar 17, 2019Updated 6 years ago
- Windows 10 UAC bypass PoC using LaunchInfSection☆35Aug 3, 2018Updated 7 years ago
- Hyper-V Research is trendy now☆198May 6, 2024Updated last year
- Windows Drivers☆100Apr 6, 2019Updated 6 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆55Jul 8, 2022Updated 3 years ago
- Virtual Machine Introspection, Tracing & Debugging☆596Feb 22, 2022Updated 4 years ago
- Local privilege escalation PoC exploit for CVE-2019-16098☆201Sep 13, 2019Updated 6 years ago
- Simple 32/64-bit PEs loader.☆139Dec 19, 2018Updated 7 years ago
- Reverse engineered source code of the autochk rootkit☆209Nov 1, 2019Updated 6 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver.☆76Jul 16, 2018Updated 7 years ago
- Kernel mode windows NT API logger☆22Sep 9, 2019Updated 6 years ago
- Tool for injecting a "TCP Relay" managed assembly into unmanaged processes☆117May 23, 2019Updated 6 years ago
- ☆46Jun 14, 2018Updated 7 years ago
- ☆164May 18, 2018Updated 7 years ago
- makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]☆743Mar 17, 2019Updated 6 years ago
- POC viruses I have created to demo some ideas☆59Apr 12, 2020Updated 5 years ago
- Diff tool for comparing symbols in PDB files☆84Mar 4, 2020Updated 5 years ago
- My repository to upload drivers from different books and all the information related to windows internals.☆163Aug 16, 2019Updated 6 years ago
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.☆431May 22, 2020Updated 5 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated last year
- A POC for Windows Extension Host hooking☆24Jul 13, 2019Updated 6 years ago
- PoC for CVE-2019-0888 - Use-After-Free in Windows ActiveX Data Objects (ADO)☆40Jul 9, 2019Updated 6 years ago
- PoC designed to evade userland-hooking anti-virus.☆90May 15, 2019Updated 6 years ago
- DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior☆280Nov 3, 2019Updated 6 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆158Jun 10, 2019Updated 6 years ago
- Research on Windows Kernel Executive Callback Objects☆315Feb 22, 2020Updated 6 years ago
- Stealthy backdoor for Windows operating systems☆283Feb 13, 2020Updated 6 years ago
- Execute an arbitrary command within the context of another process☆21Jun 28, 2019Updated 6 years ago