Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when attackers disable standard process notify callbacks.
☆93Jul 7, 2025Updated 7 months ago
Alternatives and similar repositories for BamExtensionTableHook
Users that are interested in BamExtensionTableHook are comparing it to the libraries listed below
Sorting:
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆137Apr 6, 2025Updated 10 months ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆30Sep 24, 2025Updated 5 months ago
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 3 months ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆60Jan 5, 2026Updated last month
- Windows User-Mode Shellcode Development Framework (WUMSDF)☆125Nov 17, 2025Updated 3 months ago
- Reports on Driver, LSASS and other security services mitigations☆34Aug 18, 2025Updated 6 months ago
- Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)☆57Jun 15, 2025Updated 8 months ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Mar 29, 2025Updated 11 months ago
- A tool for coercing and relaying Kerberos authentication over DCOM and RPC.☆146Jul 17, 2025Updated 7 months ago
- Intel 64/Windows low-level experiments☆63Aug 25, 2025Updated 6 months ago
- Linux Process Injection via Seccomp Notifier☆83Dec 9, 2025Updated 2 months ago
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 7 months ago
- Umbrella will protect your shellcode from the rain.☆31Jun 4, 2025Updated 8 months ago
- A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Cal…☆256Jun 10, 2025Updated 8 months ago
- Quickly find differences and similarities in disassembled code☆40Nov 21, 2024Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- Leverage WindowsApp createdump tool to obtain an lsass dump☆153Sep 20, 2024Updated last year
- a demo module for the kaine agent to execute and inject assembly modules☆41Aug 28, 2024Updated last year
- ☆109Feb 17, 2025Updated last year
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- A robust Windows Process Executable Packer and Launcher implementation written in Rust for Windows x64 systems.☆42Jan 9, 2025Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆137Apr 18, 2025Updated 10 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆166Jul 30, 2025Updated 7 months ago
- Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code.☆297Dec 10, 2025Updated 2 months ago
- Attack Active Directory Trusts with a single tool☆14Jan 15, 2025Updated last year
- Simple reverse ICMP shell☆14Apr 30, 2024Updated last year
- 在线安软识别☆12Aug 6, 2025Updated 6 months ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆34Jun 23, 2024Updated last year
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆85Oct 20, 2025Updated 4 months ago
- A .NET assembly tracer using Harmony for runtime method interception.☆50Oct 24, 2025Updated 4 months ago
- Hijacking Hyper-V at Runtime with DDMA☆76Aug 13, 2025Updated 6 months ago
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does☆95Jul 3, 2025Updated 7 months ago
- Automated Evilginx phishlet creator Extension for Burpsuite☆63Jan 10, 2025Updated last year
- Hooking Windows' exception dispatcher to protect process's PML4☆228Jan 24, 2025Updated last year
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 4 months ago
- A BOF that's a BOF Loader and more☆198Jan 17, 2026Updated last month
- Obex – Blocking unwanted DLLs in user mode☆281Sep 18, 2025Updated 5 months ago
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆18Mar 19, 2025Updated 11 months ago
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆210Aug 21, 2025Updated 6 months ago