Learnings about Windows Internals
☆99 · Nov 10, 2023 · Updated 2 years ago
Alternatives and similar repositories for Windows-Internals
Users that are interested in Windows-Internals are comparing it to the libraries listed below
- Research of modifying exported function names at runtime (C/C++, Windows) — ☆18 · May 28, 2024 · Updated last year
- Manually perform syscalls without going through any external API or DLL. — ☆19 · Apr 19, 2023 · Updated 2 years ago
- (no description) — ☆16 · Mar 26, 2024 · Updated last year
- Let sliver use msf payload! — ☆25 · Mar 23, 2025 · Updated 11 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF) — ☆115 · May 21, 2023 · Updated 2 years ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. — ☆289 · May 27, 2024 · Updated last year
- Artemis - C++ Hell's Gate Syscall Implementation — ☆34 · Aug 16, 2023 · Updated 2 years ago
- Seed Corpus for clamav-devel oss-fuzz integration. — ☆34 · Jul 30, 2019 · Updated 6 years ago
- HackSysExtremeVulnerableDriver exploits for latest Windows 10 version — ☆26 · Jan 13, 2026 · Updated last month
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls — ☆202 · Jun 6, 2024 · Updated last year
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu… — ☆25 · Mar 26, 2020 · Updated 5 years ago
- Bypassing PatchGuard on modern x64 systems — ☆265 · Apr 9, 2023 · Updated 2 years ago
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. — ☆674 · Nov 9, 2023 · Updated 2 years ago
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0. — ☆17 · Jul 22, 2022 · Updated 3 years ago
- C++ self-injecting dropper based on various EDR evasion techniques. — ☆427 · Feb 11, 2024 · Updated 2 years ago
- Block any process from opening a HANDLE to your process; only SYSTEM is allowed to open a handle to your process, with that you can avoid remote m… — ☆173 · Apr 27, 2023 · Updated 2 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". — ☆87 · Apr 11, 2023 · Updated 2 years ago
- A small x64 library to load DLLs into memory. — ☆457 · Nov 6, 2023 · Updated 2 years ago
- Analysis of the vulnerability — ☆50 · Jan 23, 2024 · Updated 2 years ago
- Security product hook detection — ☆327 · Mar 30, 2021 · Updated 4 years ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1 — ☆76 · Sep 8, 2025 · Updated 5 months ago
- Dynamically generated obfuscated jumps and/or function calls — ☆38 · Apr 19, 2023 · Updated 2 years ago
- Basic interactive Windows kernel offensive toolkit written in C — ☆137 · Sep 20, 2025 · Updated 5 months ago
- idk man this was the default github name — ☆35 · Apr 23, 2023 · Updated 2 years ago
- Executes Read/Write process memory with `NtQueryCompositionSurfaceStatistics` — ☆23 · Feb 10, 2024 · Updated 2 years ago
- Win32 and Kernel abusing techniques for pentesters — ☆975 · Sep 3, 2023 · Updated 2 years ago
- (no description) — ☆38 · May 31, 2024 · Updated last year
- A basic example of the API-Hashing method used by Red Teamers but also by malware developers in C++ — ☆37 · Jan 10, 2024 · Updated 2 years ago
- A reference of Windows API function calls, including functions for file operations, process management, memory management, thread managem… — ☆120 · Nov 22, 2023 · Updated 2 years ago
- Simulate the behavior of AV/EDR for malware development training. — ☆561 · Feb 15, 2024 · Updated 2 years ago
- Collection of APIs used in malware development — ☆229 · Aug 2, 2022 · Updated 3 years ago
- Use hardware breakpoint to dynamically change SSN at run-time — ☆279 · Apr 10, 2024 · Updated last year
- This is a third party agent for Havoc C2 written in golang. — ☆59 · Jan 16, 2024 · Updated 2 years ago
- Websocket communications with Push and Poll messages — ☆20 · Oct 26, 2025 · Updated 4 months ago
- (no description) — ☆16 · Jun 20, 2022 · Updated 3 years ago
- Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability — ☆216 · May 9, 2024 · Updated last year
- A tool used to analyze and monitor named pipes — ☆194 · Oct 27, 2024 · Updated last year
- Files for http://blog.deniable.org/posts/windows-callbacks/ — ☆77 · Feb 26, 2022 · Updated 4 years ago
- PoC exploiting Aligned Chunk Confusion on Windows kernel Segment Heap — ☆215 · Jul 2, 2020 · Updated 5 years ago