☆22 · Jan 15, 2025 · Updated last year
Alternatives and similar repositories for ATDCM64a-LPE
Users that are interested in ATDCM64a-LPE are comparing it to the libraries listed below
- Open-source EDR kernel-component for system monitoring and DLL injection ☆33 · Nov 14, 2020 · Updated 5 years ago
- Windows AppLocker Driver (appid.sys) LPE ☆75 · Jul 29, 2024 · Updated last year
- ☆40 · Jan 11, 2022 · Updated 4 years ago
- POC for CVE-2023-29360 ☆12 · Aug 31, 2024 · Updated last year
- ☆42 · Jun 23, 2024 · Updated last year
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆78 · Mar 29, 2025 · Updated 11 months ago
- driver that communicates using a shared section ☆92 · Mar 17, 2025 · Updated 11 months ago
- CVE-2024-30090 - LPE PoC ☆108 · Oct 17, 2024 · Updated last year
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address ☆23 · Nov 22, 2021 · Updated 4 years ago
- Port of Mandiant ShellcodeHashes plugin from IDA to BinaryNinja ☆11 · Jul 24, 2024 · Updated last year
- Microsoft decompiled IrDA drivers ☆16 · Apr 15, 2015 · Updated 10 years ago
- Cobaltstrike UDRL with memory evasion ☆15 · May 16, 2024 · Updated last year
- Hyper-V Fuzzer using hAFL2 ☆11 · May 10, 2022 · Updated 3 years ago
- An example of how to use Microsoft Windows Warbird technology ☆97 · Apr 23, 2023 · Updated 2 years ago
- ☆153 · Jul 31, 2022 · Updated 3 years ago
- ☆12 · Jan 10, 2025 · Updated last year
- ☆12 · Apr 7, 2022 · Updated 3 years ago
- Repository of different kernel drivers written while studying Windows NT Driver development ☆12 · Apr 14, 2024 · Updated last year
- Bypass UAC elevation on Windows 8 (build 9600) & above. ☆58 · Feb 2, 2026 · Updated last month
- POC exploit for CVE-2024-49138 ☆267 · Feb 14, 2025 · Updated last year
- A PoC tool for exploiting leaked process and thread handles ☆32 · Feb 13, 2024 · Updated 2 years ago
- ☆47 · May 8, 2021 · Updated 4 years ago
- Monitor ETW events for Windows process mitigation policies, with stack traces ☆31 · Oct 7, 2022 · Updated 3 years ago
- ☆31 · Jan 12, 2022 · Updated 4 years ago
- System Call Integrity Layer - experimental security research ☆25 · Jan 31, 2026 · Updated last month
- Extracted lua script from Defender mpavbase.vdm and mpasbase.vdm ☆16 · Jul 5, 2024 · Updated last year
- ☆12 · Jul 27, 2020 · Updated 5 years ago
- Various reverse engineering work on Windows ☆22 · Feb 21, 2021 · Updated 5 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆169 · May 17, 2023 · Updated 2 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP ☆37 · Jul 27, 2021 · Updated 4 years ago
- An example of how to spawn a process with a spoofed parent PID (Visual C++) ☆29 · Mar 3, 2019 · Updated 7 years ago
- WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler ☆135 · Jul 21, 2025 · Updated 7 months ago
- Using Microsoft Visual Studio 2019 Building A LLVM Out-Source-Tree Pass ☆17 · Apr 30, 2020 · Updated 5 years ago
- Windbg extension port for rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries. ☆13 · Sep 8, 2023 · Updated 2 years ago
- Basic experimentation with Windows drivers. ☆17 · Mar 3, 2023 · Updated 3 years ago
- Programming/scripting language ☆18 · Jan 3, 2025 · Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem… ☆69 · Oct 10, 2025 · Updated 4 months ago
- Process Hollowing in Rust with Process Executable Relocation Support for both 32 and 64 bit architecture environments. ☆22 · Jan 6, 2025 · Updated last year
- ☆57 · Apr 19, 2023 · Updated 2 years ago