DownWithUp / DynamicKernelShellcode
An example of how x64 kernel shellcode can dynamically find and use APIs
☆103, updated 4 years ago
Related projects:
- Weaponizing Gigabyte driver for priv escalation and bypass PPL ☆68, updated 5 years ago
- Command-line tool to print mitigation flags for running processes in a memory dump ☆41, updated 4 years ago
- Clone of armadillo patched for Windows ☆45, updated 5 months ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021) ☆100, updated 3 years ago
- Helper idapython code for reversing kmdf drivers ☆68, updated 2 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support ☆44, updated 6 years ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system ☆52, updated 2 years ago
- A command-line RPC method enumerator, born out of RPCView's awesomeness ☆97, updated 5 years ago
- File system minifilter driver for Windows to block symbolic link attacks. ☆51, updated 3 years ago
- Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API. ☆94, updated 4 years ago
- Windows API hashes used in malware ☆38, updated 9 years ago
- Local OXID Resolver (LCLOR): Research and Tooling ☆31, updated 3 years ago
- This is a simple driver with x64 inline assembly ☆52, updated 4 years ago
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater). ☆81, updated 2 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure ☆108, updated 3 years ago
- CVE-2021-29337 - Privilege Escalation in MODAPI.sys (MSI Dragon Center) ☆29, updated 2 years ago
- Sysmon shenanigans ☆65, updated 3 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t… ☆52, updated 5 years ago
- Enable / Disable LSA Protection via BYOVD ☆61, updated 2 years ago
- A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77. ☆35, updated 2 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022) ☆69, updated last year
- PoC for hiding PE exports ☆65, updated 3 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++ ☆102, updated 3 years ago
- A ready-made template for a project based on libpeconv. ☆40, updated last year
- Resolve DOS MZ executable symbols at runtime ☆93, updated 2 years ago