Offensive-Panda / NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE
This exploit rebuilds and exploits CVE-2019-16098, which is in the driver Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) and allows any authenticated user to read and write arbitrary memory, I/O ports, and MSRs. Instead of a hardcoded base address of Ntoskrnl.exe, I calculated it dynamically and recalculated the fields offs…
☆24 Updated 11 months ago
Alternatives and similar repositories for NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE
Users that are interested in NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE are comparing it to the libraries listed below
- Windows AppLocker Driver (appid.sys) LPE ☆62 Updated 11 months ago
- Exploiting the KsecDD Windows driver through Server Silos ☆71 Updated 8 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio… ☆78 Updated 3 weeks ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver ☆50 Updated last year
- Research into removing strings & API call references at compile-time (Anti-Analysis) ☆27 Updated last year
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler. ☆31 Updated last year
- ☆40 Updated 4 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆45 Updated last year
- Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution) ☆25 Updated last month
- One Click Tool to Scan All the Enabled Protection of current Windows NT Kernel ☆43 Updated last year
- Standalone Metasploit-like XOR encoder for shellcode ☆47 Updated last year
- Reimplementation of the KExecDD DSE bypass technique. ☆50 Updated 10 months ago
- A C# implementation that disables Windows Firewall bypassing UAC ☆15 Updated 8 months ago
- Your NTDLL vaccine from modern direct syscall methods. ☆35 Updated 3 years ago
- Next gen process injection technique ☆54 Updated 5 years ago
- ☆30 Updated 7 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code. ☆23 Updated last year
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0. ☆65 Updated 3 months ago
- A 64 bit executable junk code engine for polymorphic malware. ☆48 Updated 3 weeks ago
- HEVD Exploit: ArbitraryWrite on Windows 10 22H2 - Bypassing KVA Shadow and SMEP via PML4 Entry Manipulation ☆30 Updated last year
- using the gpu to hide your payload ☆59 Updated 2 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll ☆38 Updated last year
- NailaoLoader: Hiding Execution Flow via Patching ☆20 Updated 4 months ago
- API Hammering with C++20 ☆49 Updated 2 years ago
- This program is used to perform reflective DLL Injection to a remote process specified by the user. ☆65 Updated 2 years ago
- ☆31 Updated last year
- Various methods of executing shellcode ☆71 Updated 2 years ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing… ☆22 Updated 2 months ago
- BYOVD Technique Example using viragt64 driver ☆43 Updated 11 months ago
- Windows Protected Process Light toggle tool — dynamically finds offsets and patches EPROCESS using RTCore64 ☆46 Updated 2 months ago