Disable the file and registry protection of malicious drivers
☆14 · Jun 28, 2022 · Updated 3 years ago
Alternatives and similar repositories for KillDriverProtect
Users that are interested in KillDriverProtect are comparing it to the libraries listed below
- Use NtSetInformationThread(ThreadBreakOnTermination) for anti-debugging ☆15 · Sep 21, 2019 · Updated 6 years ago
- Former UEFI Firmware Rootkit Replicating MoonBounce / ESPECTRE ☆11 · Jun 14, 2022 · Updated 3 years ago
- DUQU MALWARE SOURCE + BINARY + More coming ☆12 · Feb 6, 2023 · Updated 3 years ago
- ☆37 · Feb 11, 2023 · Updated 3 years ago
- Your NTDLL vaccine from modern direct syscall methods. ☆36 · Apr 5, 2022 · Updated 3 years ago
- ☆13 · Sep 14, 2023 · Updated 2 years ago
- Six cases demonstrating methods of optimizing GetProcAddress ☆18 · Jan 3, 2022 · Updated 4 years ago
- Bypass Windows defender syscall ☆18 · Jul 17, 2021 · Updated 4 years ago
- Loading and executing shellcode in C# without PInvoke. ☆22 · Jan 10, 2022 · Updated 4 years ago
- Linux-KVM with rVMI extensions ☆22 · Aug 28, 2017 · Updated 8 years ago
- hook KeyboardClassServiceCallback to prevent messing up system ☆26 · Nov 14, 2023 · Updated 2 years ago
- Automatically exported from code.google.com/p/portable-executable-library ☆22 · Oct 5, 2019 · Updated 6 years ago
- ☆59 · Oct 17, 2024 · Updated last year
- Bypass UAC elevation on Windows 8 (build 9600) & above. ☆58 · Feb 2, 2026 · Updated last month
- NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes. ☆67 · Jan 20, 2024 · Updated 2 years ago
- A (quite) simple steganography algorithm to hide shellcodes within bitmap image. ☆25 · May 4, 2024 · Updated last year
- A lightweight GUI tool that implements some typical block cipher, coding, hashing, and multi-architecture assemble/disassembly framework,… ☆27 · Nov 21, 2024 · Updated last year
- External Hooking (Bypass process byte patching checks | Injector included) ☆22 · Mar 12, 2023 · Updated 2 years ago
- Walks the Process' VAD list to grab the PTEs corresponding to a usermode virtual address, all to get the physical address ☆23 · Nov 22, 2021 · Updated 4 years ago
- ☆61 · Jun 26, 2022 · Updated 3 years ago
- This project is a shellcode loader, with a detailed description of how we bypass antivirus software and how to use the tool ☆22 · Jun 22, 2022 · Updated 3 years ago
- The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section ☆111 · Jul 15, 2023 · Updated 2 years ago
- QEMU with rVMI extensions ☆25 · Jul 25, 2017 · Updated 8 years ago
- ☆37 · May 9, 2023 · Updated 2 years ago
- ☆60 · Dec 15, 2023 · Updated 2 years ago
- ☆26 · Sep 29, 2022 · Updated 3 years ago
- Injects shellcode into other drivers for execution to evade driver signature checks; previously used in a PUBG project... of course, now... ☆27 · Oct 19, 2022 · Updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆136 · Jan 2, 2023 · Updated 3 years ago
- The three musketeers of lateral movement (Lateral movement tools) ☆30 · Nov 16, 2021 · Updated 4 years ago
- ☆35 · Dec 21, 2023 · Updated 2 years ago
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004 ☆35 · Oct 31, 2023 · Updated 2 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022) ☆73 · Aug 11, 2023 · Updated 2 years ago
- idk man this was the default github name ☆35 · Apr 23, 2023 · Updated 2 years ago
- Call the CLR interface from memory to load powershell, process-less powershell ☆15 · Sep 7, 2023 · Updated 2 years ago
- Hide a loaded dynamic link library from memory ☆34 · Jun 13, 2021 · Updated 4 years ago
- Explorer Persistence technique: Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when … ☆83 · Jan 12, 2023 · Updated 3 years ago
- Traceless injection 1 ☆77 · Jun 1, 2021 · Updated 4 years ago
- Set the process mitigation policy for loading only Microsoft Modules, and block any userland 3rd party modules ☆43 · May 6, 2023 · Updated 2 years ago
- Read Memory without ReadProcessMemory for Current Process ☆92 · Feb 13, 2022 · Updated 4 years ago