An example of how to use Microsoft Windows Warbird technology
☆97Apr 23, 2023Updated 2 years ago
Alternatives and similar repositories for WarbirdExamples
Users that are interested in WarbirdExamples are comparing it to the libraries listed below
Sorting:
- A way to detect DBI frameworks, Debuggers and VMs.☆24Nov 17, 2020Updated 5 years ago
- Reverse engineered API for Microsoft's Time Travel Debugger☆36Apr 18, 2024Updated last year
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Mar 29, 2025Updated 11 months ago
- ☆59Feb 19, 2026Updated last month
- ☆13Sep 25, 2023Updated 2 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆271Aug 31, 2022Updated 3 years ago
- Virtual Tagger Plugin is a Cutter plugin that significantly improves handling and analysis of vtables and virtual functions☆16Mar 23, 2023Updated 2 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆97Apr 3, 2025Updated 11 months ago
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆103Jan 26, 2026Updated last month
- Reimplementation of Microsoft's Warbird obuscator☆207Jun 24, 2024Updated last year
- Admin to Kernel code execution using the KSecDD driver☆264Apr 19, 2024Updated last year
- ☆22Jan 15, 2025Updated last year
- Clone running process with ZwCreateProcess☆59Nov 8, 2020Updated 5 years ago
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆36Jan 12, 2022Updated 4 years ago
- Collection of scripts and CMake files to easily link to LLVM into your project (Windows, Linux, macOS).☆43Apr 2, 2025Updated 11 months ago
- rpv-web is a browser based frontend for the rpv library☆27Nov 21, 2025Updated 3 months ago
- A WinDbg extension to trace COM interactions☆131Aug 14, 2025Updated 7 months ago
- ☆31Jan 12, 2022Updated 4 years ago
- ☆275Jan 14, 2023Updated 3 years ago
- Evasion kit for Cobalt Strike☆30Jan 16, 2026Updated 2 months ago
- break link between dll and it file on disk☆12Sep 2, 2024Updated last year
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆55Dec 30, 2025Updated 2 months ago
- A framework for lifting ARM32 to LLVM-IR and merging resulting code with LLVM-IR generated from source-code.☆12Oct 20, 2022Updated 3 years ago
- Enable SEH support for manual mapped x86-32bit PEs☆69Mar 18, 2019Updated 7 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆244Sep 26, 2023Updated 2 years ago
- Lightweight WINAPI tracing with Pin☆27Aug 22, 2019Updated 6 years ago
- Multiplayer snake game written at a single weekend☆13Jul 10, 2019Updated 6 years ago
- C++ Assembler with Built-in Mutation Engine☆30Sep 6, 2025Updated 6 months ago
- The updated PE file manipulation library from RetDec project.☆21Nov 24, 2023Updated 2 years ago
- Allows you to parse all messages sent to DbgPrint without any process interaction.☆32Apr 8, 2020Updated 5 years ago
- Disks for DMA☆145Apr 28, 2021Updated 4 years ago
- devirtualization vmprotect☆65Mar 11, 2023Updated 3 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- A Crystal Palace shared library to resolve & perform syscalls☆58Oct 29, 2025Updated 4 months ago
- Optimized zlib inflate (+gzip) library for embedded☆40Jul 15, 2024Updated last year
- It stinks☆103Apr 22, 2022Updated 3 years ago
- A Poc on blocking Procmon from monitoring network events☆111Aug 7, 2025Updated 7 months ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆267Oct 16, 2024Updated last year
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago