RafWu / RansomWatch
Ransomware detection application for Windows using Windows Minifilter driver
☆84Updated 4 years ago
Alternatives and similar repositories for RansomWatch:
Users that are interested in RansomWatch are comparing it to the libraries listed below
- A ProcMon-esque tool for monitoring Windows Kernel Drivers☆57Updated 3 years ago
- Use ci.dll API for validating Authenticode signature of files☆138Updated 3 years ago
- ☆65Updated 6 years ago
- A driver to intercept low level windows events☆63Updated 5 years ago
- WFP驱动,关联链路层和进程信息☆16Updated 3 years ago
- Easy Transparent Encrypted File System Based on Minifilter File System Driver☆34Updated 2 months ago
- Technion CS Ransomware Project: Writing Windows Mini-Filter Driver to protect PC from Ransomware☆36Updated 4 years ago
- ☆31Updated 4 years ago
- 基于MiniFilter和Sfilter的加解密☆22Updated 5 years ago
- Run Processes as PPL with ELAM☆160Updated 3 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 4 years ago
- Windows file system filter drivers(minifilter) to encrypt, compress, or otherwise modify file-based data require some of the most complex…☆125Updated 4 years ago
- Tutorial & a blog post that demonstrate how to code a Windows driver to inject a custom DLL into all running processes. I coded it from s…☆134Updated 3 years ago
- Example Windows Kernel-mode Driver which enumerates running processes.☆55Updated 2 years ago
- Simple driver to register all available process, thread, image, Registry, and Object callbacks☆120Updated 7 years ago
- Automated Integration of anti-Reversing methods in PE executables☆50Updated 6 years ago
- Using C++ STL on Windows kernle development☆88Updated 6 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆95Updated 3 months ago
- A minifilter driver preserves all modified and deleted files.☆81Updated 9 years ago
- D☆43Updated 3 years ago
- Collect various versions of ntoskrnl files☆51Updated last year
- Different methods to detect a virtualized environment or potential debugging☆9Updated 2 years ago
- Windows tool box library☆65Updated 7 years ago
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.☆152Updated 2 years ago
- Windows file system minifilter driver which generates backup copies of certain files before they change☆47Updated 6 years ago
- ☆23Updated 7 years ago
- This program can retrieve signature information from PE files which signed by one or more certificates on Windows. Supporting multi-signe…☆97Updated 2 years ago
- ☆37Updated 5 years ago
- Disable any USB Mass Storage device from kmode using a pnp filter driver☆63Updated 4 years ago
- kernel-mode TDI client which can send and receive HTTP requests☆55Updated 6 years ago