TheMalwareGuardian / Abismo

Related projects ⓘ

Alternatives and complementary repositories for Abismo

• connormcgarr / EATGuard
  Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)
  ☆92Updated last year
• TheMalwareGuardian / Awesome-Bootkits-Rootkits-Development
  A curated compilation of extensive resources dedicated to bootkit and rootkit development.
  ☆15Updated 4 months ago
• eversinc33 / unKover
  PoC Anti-Rootkit/Anti-Cheat Driver.
  ☆157Updated last month
• mrexodia / lolbin-poc
  Small PoC of using a Microsoft signed executable as a lolbin.
  ☆132Updated last year
• uf0o / windows-ps-callbacks-experiments
  Files for http://blog.deniable.org/posts/windows-callbacks/
  ☆67Updated 2 years ago
• maziland / StackBombing
  Next gen process injection technique
  ☆42Updated 4 years ago
• jdu2600 / Etw-SyscallMonitor
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆49Updated last year
• realoriginal / grimreaper
  A improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls
  ☆102Updated last month
• ZeroMemoryEx / Hooks_Hunter
  Detect API Hooks
  ☆68Updated 2 years ago
• jdu2600 / CFG-FindHiddenShellcode
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆100Updated last year
• Reijaff / offensive_c
  ☆40Updated last year
• TheMalwareGuardian / Bentico
  Windows Kernel Mode Rootkit
  ☆10Updated 7 months ago
• XaFF-XaFF / Kernel-Process-Hollowing
  Windows x64 kernel mode rootkit process hollowing POC.
  ☆182Updated last year
• SaadAhla / BlockOpenHandle
  Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…
  ☆165Updated last year
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆84Updated last year
• jdu2600 / EtwTi-FluctuationMonitor
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆95Updated last year
• ZeroMemoryEx / Tokenizer
  Kernel Mode Driver for Elevating Process Privileges
  ☆130Updated last year
• realoriginal / angryorchard
  A kernel vulnerability used to achieve arbitrary read-write on Windows prior to July 2022
  ☆105Updated last year
• capt-meelo / KernelCallbackTable-Injection
  Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
  ☆99Updated 2 years ago
• realoriginal / blacklotus
  A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.
  ☆85Updated last year
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆88Updated 4 months ago
• xalicex / Unhook-Import-Address-Table
  Piece of code to detect and remove hooks in IAT
  ☆58Updated 2 years ago
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆237Updated 6 months ago
• mannyfred / SentinelBruh
  Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
  ☆37Updated 3 months ago
• alfarom256 / HPHardwareDiagnostics-PoC
  PoC exploit for HP Hardware Diagnostic's EtdSupp driver
  ☆50Updated last year
• ZeroMemoryEx / SleepKiller
  Bypass Malware Time Delays
  ☆97Updated 2 years ago
• keowu / BadRentdrv2
  A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t…
  ☆89Updated 4 months ago
• 0prrr / Malwear-Sweet
  Malware?
  ☆69Updated last month
• SaadAhla / BlockNonMSModules
  Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules
  ☆42Updated last year
• xforcered / Windows_MSKSSRV_LPE_CVE-2023-36802
  LPE exploit for CVE-2023-36802
  ☆22Updated last year