Learnings about Windows Internals
☆99 · Nov 10, 2023 · Updated 2 years ago
Alternatives and similar repositories for Windows-Internals
Users that are interested in Windows-Internals are comparing it to the libraries listed below
- Research of modifying exported function names at runtime (C/C++, Windows) ☆18 · May 28, 2024 · Updated last year
- ☆16 · Mar 26, 2024 · Updated last year
- Let sliver use msf payload! ☆25 · Mar 23, 2025 · Updated 11 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF) ☆115 · May 21, 2023 · Updated 2 years ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆290 · May 27, 2024 · Updated last year
- Artemis - C++ Hell's Gate Syscall Implementation ☆34 · Aug 16, 2023 · Updated 2 years ago
- Transfer file over DNS ☆10 · Nov 26, 2024 · Updated last year
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu… ☆25 · Mar 26, 2020 · Updated 5 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls ☆203 · Jun 6, 2024 · Updated last year
- A small x64 library to load DLLs into memory. ☆459 · Nov 6, 2023 · Updated 2 years ago
- Manually perform syscalls without going through any external API or DLL. ☆19 · Apr 19, 2023 · Updated 2 years ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1 ☆77 · Sep 8, 2025 · Updated 6 months ago
- idk man this was the default github name ☆35 · Apr 23, 2023 · Updated 2 years ago
- Bypassing PatchGuard on modern x64 systems ☆265 · Apr 9, 2023 · Updated 2 years ago
- ☆39 · May 31, 2024 · Updated last year
- Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability ☆215 · May 9, 2024 · Updated last year
- Files for http://blog.deniable.org/posts/windows-callbacks/ ☆83 · Feb 26, 2022 · Updated 4 years ago
- HackSysExtremeVulnerableDriver exploits for latest Windows 10 version ☆26 · Jan 13, 2026 · Updated 2 months ago
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. ☆680 · Nov 9, 2023 · Updated 2 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". ☆87 · Apr 11, 2023 · Updated 2 years ago
- C++ self-Injecting dropper based on various EDR evasion techniques. ☆426 · Feb 11, 2024 · Updated 2 years ago
- ☆150 · Mar 22, 2024 · Updated last year
- Block any process from opening a HANDLE to your process; only SYSTEM is allowed to open a handle to your process. With that you can avoid remote m… ☆173 · Apr 27, 2023 · Updated 2 years ago
- x64 version ☆36 · Oct 8, 2021 · Updated 4 years ago
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire… ☆32 · May 30, 2024 · Updated last year
- Analysis of the vulnerability ☆50 · Jan 23, 2024 · Updated 2 years ago
- For V8CTF M122 ☆14 · Aug 25, 2024 · Updated last year
- Dynamic-Static binary instrumentation framework on top of GDB ☆50 · Sep 25, 2023 · Updated 2 years ago
- A basic example of the API-Hashing method used by Red Teamers but also by malware developers in C++ ☆37 · Jan 10, 2024 · Updated 2 years ago
- Collection of APIs used in malware development ☆229 · Aug 2, 2022 · Updated 3 years ago
- PoC of fuzzing closed-source userspace binaries with KVM ☆167 · May 4, 2024 · Updated last year
- GreHack 2021 CodeQL for Java workshop ☆73 · Nov 19, 2021 · Updated 4 years ago
- Threadless Process Injection using remote function hooking. ☆810 · Sep 4, 2024 · Updated last year
- DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu… ☆42 · May 18, 2024 · Updated last year
- Win32 and Kernel abusing techniques for pentesters ☆976 · Sep 3, 2023 · Updated 2 years ago
- Repository of different kernel drivers written while studying Windows NT Driver development ☆12 · Apr 14, 2024 · Updated last year
- Simulate the behavior of AV/EDR for malware development training. ☆565 · Feb 15, 2024 · Updated 2 years ago
- Remote process injections using pool party techniques ☆70 · Jun 29, 2025 · Updated 8 months ago
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0. ☆17 · Jul 22, 2022 · Updated 3 years ago