Jasper1467 / WindowsDefender_RebuildLinks
An attempt at reversing WindowsDefender
☆20Updated last year
Alternatives and similar repositories for WindowsDefender_Rebuild
Users that are interested in WindowsDefender_Rebuild are comparing it to the libraries listed below
Sorting:
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆31Updated 3 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1☆34Updated 3 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Updated 3 years ago
- A kernel mode Windows rootkit in development.☆49Updated 3 years ago
- Small handy tool for crafting shellcodes by hand.☆18Updated 3 years ago
- ☆11Updated 3 years ago
- A PoC tool for exploiting leaked process and thread handles☆32Updated last year
- XOrCryptEx lightweight C Utility/Algorithm☆11Updated 3 years ago
- IAT-Obfuscation to make static analysis of executable harder.☆43Updated 4 years ago
- Listing UDP connections with remote address without sniffing.☆29Updated 2 years ago
- ☆26Updated 3 years ago
- ☆40Updated 2 years ago
- Phantom DLL Hollowing method implemented in modmap☆17Updated 4 years ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated 2 years ago
- ☆114Updated 3 years ago
- Injects position-dependent code into a code cave in an executable file, and applies relocations.☆23Updated 2 years ago
- Implementation of several code injection techniques.☆24Updated 3 years ago
- Remote PE reflective injection with a simple reflective loader☆32Updated 6 years ago
- A C++/Asm template for PIC/EXE/DLL malware☆25Updated 2 months ago
- ☆26Updated 3 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆90Updated 6 months ago
- Load Dll into Kernel space☆38Updated 3 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆40Updated 4 years ago
- Read Memory without ReadProcessMemory for Current Process☆89Updated 3 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆40Updated 4 years ago
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…☆32Updated 2 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆57Updated 3 years ago
- An example of how to use Microsoft Windows Warbird technology☆28Updated 2 years ago
- SetWinEventHook Sample☆49Updated 2 years ago
- ☆84Updated last year