POPFD / cascade
A thin introspection hypervisor framework that allows for low level resource manipulation.
☆9Updated 7 months ago
Related projects: ⓘ
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆33Updated 9 months ago
- An example of how to use Microsoft Windows Warbird technology☆24Updated last year
- Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).☆36Updated 2 years ago
- Windows kernel driver template for cmkr and llvm-msvc.☆32Updated 8 months ago
- C/C++ antidebugging library for 32 and 64 bit processors☆10Updated 2 months ago
- This is a ring -1 header framework in order to simplify the creation of hypervisors on SVM☆22Updated 10 months ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Playing with LLVM passes☆34Updated last year
- Report and exploit of CVE-2024-21305.☆29Updated 8 months ago
- ASUSTeK AsIO3 I/O driver unlock☆19Updated 3 years ago
- hypervisor enforced patch protection for the linux kernel with xen + libvmi, libvmi KASLR offset spoofer☆27Updated 4 months ago
- A minimalistic logger for Windows Kernel Drivers.☆20Updated 6 months ago
- Unicorn Engine port for UEFI firmware☆41Updated 4 months ago
- Rust library for lifting raw binary data to LLVM IR☆37Updated last month
- Binary Ninja plugin to perform automated analysis of Windows drivers☆16Updated 5 years ago
- Plugin for x64dbg to disable parallel loading of dependencies☆19Updated 2 years ago
- Binary Ninja plugin for automating VMProtect analysis☆55Updated last year
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆46Updated last year
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆57Updated last year
- A driver to implement IOCTL hooking☆23Updated 2 years ago
- Me fockin' pe protector☆45Updated last year
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆62Updated last month
- A demonstration of hooking into the VMProtect-2 virtual machine☆16Updated 10 months ago
- devirtualization vmprotect☆59Updated last year
- api-tracer is a tiny (useless) tracer☆14Updated last year
- Runtime smm module loader☆30Updated last year
- A Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.☆16Updated last month
- How Meltdown and Spectre haunt Anti-Cheat: DVRT details☆18Updated 3 weeks ago
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆27Updated last year
- ☆15Updated last year