Pdawg-bytes / UEFIBootKit
A simple UEFI bootkit made by @NSG650 and me.
☆26Updated 3 months ago
Alternatives and similar repositories for UEFIBootKit:
Users that are interested in UEFIBootKit are comparing it to the libraries listed below
- CVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK)☆44Updated 5 months ago
- call gates as stable comunication channel for NT x86 and Linux x86_64☆31Updated last year
- A few examples of how to trap virtual memory access on Windows.☆28Updated 3 months ago
- ☆20Updated 2 months ago
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering☆34Updated 2 months ago
- In-memory hiding technique☆47Updated 2 months ago
- Mentally ill EtwTi parser☆35Updated last week
- Report and exploit of CVE-2024-21305.☆35Updated last year
- bootlicker: A terribly written but functioning UEFI shellcode bootkit patched into a firmware volume or boot device on the EFI partition☆16Updated last month
- ☆37Updated last month
- Windows AppLocker Driver (appid.sys) LPE☆53Updated 8 months ago
- An Obfuscator-LLVM based mingw-w64 toolchain.☆36Updated 3 years ago
- ☆29Updated last year
- Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones.☆27Updated 2 months ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated last year
- ☆29Updated last month
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆43Updated 2 months ago
- Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)☆20Updated 4 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated last year
- Listing UDP connections with remote address without sniffing.☆30Updated last year
- A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.☆38Updated 3 years ago
- Proof-of-Concept for CVE-2024-26218☆50Updated 11 months ago
- ☆12Updated last year
- ☆21Updated 11 months ago
- Enabled / Disable LSA Protection via BYOVD☆66Updated 3 years ago
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆26Updated 7 months ago
- Example payload for CVE-2022-21894☆12Updated last year
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆34Updated last year
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆50Updated last year
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…☆26Updated last year