Meowoverflow / Rootkits_Subverting_the_Windows_Kernel
source code for the examples and topics from the book
☆10Updated 5 years ago
Related projects ⓘ
Alternatives and complementary repositories for Rootkits_Subverting_the_Windows_Kernel
- An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples☆66Updated 2 years ago
- "An Introduction to Windows Exploit Development" is an open sourced, free Windows exploit development course I created for the Southeast …☆39Updated 4 years ago
- How to set up 2 VirtualBox VM to debug kernel driver using windbg☆50Updated 2 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆9Updated last year
- A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.☆85Updated last year
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆93Updated last year
- short crackme for Windows XP SP3 (32 bit version). ring0 stuff. IMO very fun x-)☆23Updated last year
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- NT AUTHORITY\SYSTEM☆38Updated 4 years ago
- A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.☆36Updated 2 years ago
- ☆14Updated 2 years ago
- 64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free☆58Updated last year
- Neutralize KEPServerEX anti-debugging techniques☆31Updated last year
- call gates as stable comunication channel for NT x86 and Linux x86_64☆30Updated last year
- Simple project using syscalls (via Syswhispers2) to execute MessageBox shellcode.☆73Updated 3 years ago
- This x64dbg plugin allows you to upload your sample to Malcore and view the results.☆32Updated last year
- Report and exploit of CVE-2023-36427☆87Updated last year
- An Xdbg Plugin of the ERC Library.☆26Updated 9 months ago
- ☆98Updated 2 years ago
- Enabled / Disable LSA Protection via BYOVD☆62Updated 2 years ago
- vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.☆89Updated 3 years ago
- Here are some of my malware reversing papers that I will be publishing☆31Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆31Updated 3 years ago
- ☆12Updated last year
- A UEFI extraction tool☆11Updated 2 weeks ago
- POC of a better implementation of GetProcAddress for ntdll using binary search☆94Updated 7 months ago
- ☆27Updated 2 years ago
- Extract data of TTD trace file to a minidump☆28Updated last year
- ☆17Updated 3 years ago
- Abusing exceptions for code execution.☆107Updated last year