Ransomware detection application for Windows using Windows Minifilter driver
☆93Jun 6, 2020Updated 5 years ago
Alternatives and similar repositories for RansomWatch
Users that are interested in RansomWatch are comparing it to the libraries listed below
Sorting:
- Technion CS Ransomware Project: Writing Windows Mini-Filter Driver to protect PC from Ransomware☆37Feb 11, 2021Updated 5 years ago
- PsSetCreateProcessNotifyRoutine/Ex/Ex2 hook☆12May 30, 2024Updated last year
- ☆33Dec 22, 2020Updated 5 years ago
- Easy Transparent Encrypted File System Based on Minifilter File System Driver☆35Feb 23, 2026Updated last week
- File system minifilter driver for Windows to block symbolic link attacks.☆51Dec 16, 2020Updated 5 years ago
- A minifilter driver for detecting and blocking ransomware virus☆27Mar 4, 2018Updated 8 years ago
- It's a minifilter used for transparent-encrypting.☆343Jul 28, 2025Updated 7 months ago
- Procmonel is Procmon like monitoring system implemented using Microsoft WDK☆12Dec 25, 2019Updated 6 years ago
- Windows安全防火墙☆14Aug 25, 2020Updated 5 years ago
- Ready-to-use headers for Windows Kernel SSDT indices☆11Apr 12, 2020Updated 5 years ago
- silence file system monitoring components by hooking their minifilters☆60Jan 31, 2024Updated 2 years ago
- a dkom rootkit that targets windows x64 systems. the rootkit hooks and edits criticl memory sections in order to hide different resources…☆18Jul 5, 2023Updated 2 years ago
- This project has been moved from a private repository.☆11May 4, 2018Updated 7 years ago
- Record & prevent file deletion in kernel mode☆46Jul 22, 2020Updated 5 years ago
- a loadable windows disk filter driver☆16Nov 24, 2012Updated 13 years ago
- A minifilter driver preserves all modified and deleted files.☆79Jul 17, 2015Updated 10 years ago
- ☆27Jan 4, 2024Updated 2 years ago
- An example of a camera class (upper) filter driver for Windows.☆45Aug 13, 2025Updated 6 months ago
- filter driver to hide files and directories☆25Feb 12, 2024Updated 2 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- A Linux/Windows Ransomware PoC written in Python, Go and C☆16Jun 17, 2023Updated 2 years ago
- Static Library For Windows Drivers☆41Dec 13, 2025Updated 2 months ago
- 扫描以及恢复 r3hook 类☆10Aug 29, 2021Updated 4 years ago
- Open-source EDR kernel-component for system monitoring and DLL injection☆33Nov 14, 2020Updated 5 years ago
- Machine Learning Ransomware Detection☆35Apr 8, 2018Updated 7 years ago
- Windows file system minifilter driver which generates backup copies of certain files before they change☆47Oct 13, 2018Updated 7 years ago
- 参考《Windows内核安全与驱动开发》的透明加密解密Minifilter☆75May 29, 2022Updated 3 years ago
- Windows Sandbox Framework☆40Dec 31, 2021Updated 4 years ago
- Kernel Context [template c++] Library - K C L. Your stl for work in linux/windows kernel !!!☆11Jul 24, 2018Updated 7 years ago
- Inject dll to process in driver☆10Aug 27, 2024Updated last year
- ☆30Nov 8, 2017Updated 8 years ago
- Helper functions for calculating the authenticode digest for a portable executable file☆21Apr 30, 2020Updated 5 years ago
- Example of real-time Windows ETW packet capture session☆54Jul 12, 2017Updated 8 years ago
- ☆139Mar 21, 2020Updated 5 years ago
- Kernel based monitor to check if specified process loads libraries only from allowed directories☆12May 21, 2020Updated 5 years ago
- This repo is created to perform I/O Request Packet (IRP) driven ransomware analysis where the IRP logs were collected during ransomware e…☆11Aug 14, 2020Updated 5 years ago
- Win32 API Hook偵測☆10Oct 1, 2017Updated 8 years ago
- Source code on the 1.44MB 3.5 floppy accompanying the Windows NT File System Internals book.☆20Jul 31, 2019Updated 6 years ago
- Archive of ransomware decryptors☆34Dec 7, 2017Updated 8 years ago