NovaHypervisor is a defensive x64 Intel host-based hypervisor. The goal of this project is to protect against kernel-based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory…
☆252 · Feb 19, 2026 · Updated last week
Alternatives and similar repositories for NovaHypervisor
Users that are interested in NovaHypervisor are comparing it to the libraries listed below
- Rewrite and obfuscate code in compiled binaries ☆273 · Dec 13, 2025 · Updated 2 months ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆78 · Mar 29, 2025 · Updated 11 months ago
- x86-64 Automated test data generator ☆26 · Aug 18, 2025 · Updated 6 months ago
- Hooking Windows' exception dispatcher to protect process's PML4 ☆228 · Jan 24, 2025 · Updated last year
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows. ☆122 · Sep 8, 2024 · Updated last year
- Mentally ill EtwTi parser ☆68 · Jan 11, 2026 · Updated last month
- binary instrumentation, analysis, and patching framework ☆100 · Feb 20, 2026 · Updated last week
- Research-focused hypervisor offering advanced tools for debugging, virtual machine introspection, and automation. ☆44 · Nov 21, 2025 · Updated 3 months ago
- An x86-64 Code Virtualizer ☆309 · Sep 26, 2024 · Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆169 · May 17, 2023 · Updated 2 years ago
- A set of LLVM and GCC based plugins that perform code obfuscation. ☆140 · Oct 20, 2025 · Updated 4 months ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1 ☆76 · Sep 8, 2025 · Updated 5 months ago
- ForsHops ☆59 · Mar 25, 2025 · Updated 11 months ago
- A series of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W ☆116 · Oct 19, 2025 · Updated 4 months ago
- memory introspection and reverse engineering hypervisor powered by leveraging Hyper-V ☆569 · Nov 15, 2025 · Updated 3 months ago
- A x86_64 software emulator ☆162 · Aug 25, 2025 · Updated 6 months ago
- Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code. ☆297 · Dec 10, 2025 · Updated 2 months ago
- kASLR bypass technique on Intel CPUs. ☆32 · May 18, 2025 · Updated 9 months ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a… ☆93 · Jul 7, 2025 · Updated 7 months ago
- Collection of hypervisor detections ☆297 · Sep 25, 2024 · Updated last year
- converts sRDI compatible dlls to shellcode ☆35 · Jan 20, 2025 · Updated last year
- Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation. ☆54 · Jun 2, 2025 · Updated 9 months ago
- Bootkit driver mapping; ring-3 process injection that loads a specified module ☆14 · Oct 8, 2024 · Updated last year
- Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion) ☆343 · Aug 31, 2024 · Updated last year
- Windows rootkit designed to work with BYOVD exploits ☆216 · Jan 18, 2025 · Updated last year
- WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API ☆642 · Jan 23, 2025 · Updated last year
- an obfuscator based on LLVM which can obfuscate the program execution trajectory ☆107 · Mar 15, 2021 · Updated 4 years ago
- Mixed Boolean-Arithmetic in Rust for WebAssembly ☆30 · Jun 14, 2025 · Updated 8 months ago
- An example reference design for a proposed BOF PE ☆200 · Jan 23, 2026 · Updated last month
- Windows 11 24H2-25H2 Runtime PatchGuard Bypass ☆252 · Nov 4, 2025 · Updated 4 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. ☆104 · Feb 25, 2025 · Updated last year
- Proof-of-concept modular implant platform leveraging v8 ☆54 · Mar 4, 2025 · Updated 11 months ago
- ☆361 · May 11, 2025 · Updated 9 months ago
- Header-only C++ library for producing PE files. ☆36 · Jun 17, 2023 · Updated 2 years ago
- Collect Windows telemetry for Maldev ☆460 · Jan 30, 2026 · Updated last month
- Admin to Kernel code execution using the KSecDD driver ☆265 · Apr 19, 2024 · Updated last year
- Hunting and injecting RWX 'mockingjay' DLLs in pure nim ☆60 · Dec 11, 2024 · Updated last year
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process ☆115 · Aug 29, 2022 · Updated 3 years ago
- ☆275 · Sep 2, 2025 · Updated 6 months ago