TheMalwareGuardian / Awesome-Bootkits-Rootkits-Development

Related projects ⓘ

Alternatives and complementary repositories for Awesome-Bootkits-Rootkits-Development

• jseclab / UGuardMap
  bootkit驱动映射，三环进程注入加载指定模块
  ☆11Updated last month
• alfarom256 / HPHardwareDiagnostics-PoC
  PoC exploit for HP Hardware Diagnostic's EtdSupp driver
  ☆50Updated last year
• shaygitub / windows-rootkit
  windows rootkit
  ☆51Updated 6 months ago
• eversinc33 / unKover
  PoC Anti-Rootkit/Anti-Cheat Driver.
  ☆160Updated 2 months ago
• hid3rx / GhostWriting
  ☆22Updated last year
• Tserith / Parasite
  Compact MBR Bootkit for Windows
  ☆44Updated 2 years ago
• jdu2600 / EtwTi-FluctuationMonitor
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆96Updated last year
• TheMalwareGuardian / Abismo
  UEFI Windows Bootkit
  ☆25Updated 4 months ago
• lennyRBLX / ret_addr_spoofer
  Compileable POC of namazso's x64 return address spoofer.
  ☆47Updated 4 years ago
• ItzPAX / wnbios_poc
  using wnbios64.sys for arbitrary r/w
  ☆10Updated 6 months ago
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆84Updated last year
• SaadAhla / BlockOpenHandle
  Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…
  ☆165Updated last year
• 1hAck-0 / zeroimport
  ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…
  ☆46Updated last year
• m417z / LdrDllNotificationHook
  Hook all callbacks which are registered with LdrRegisterDllNotification
  ☆83Updated last year
• jdu2600 / CFG-FindHiddenShellcode
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆100Updated last year
• 1027565 / InstrumentationCallbacks
  A native Windows library for intercepting kernel-to-user transitions using instrumentation callbacks
  ☆16Updated 9 months ago
• xsh3llsh0ck / MilkBox
  Tool to dump EFI runtime drivers.
  ☆34Updated 9 months ago
• rogxo / DisableDSE
  A method to Disable DSE using .data ptr hooks
  ☆26Updated 9 months ago
• 0mWindyBug / WFPCalloutReserach
  research revolving the windows filtering platform callout mechanism
  ☆22Updated 5 months ago
• capt-meelo / KernelCallbackTable-Injection
  Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
  ☆100Updated 2 years ago
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls
  Implementing the ghostly hollowing PE injection technique using tampered syscalls.
  ☆124Updated 5 months ago
• maziland / StackBombing
  Next gen process injection technique
  ☆42Updated 4 years ago
• ldpreload / werkernel
  Windows LPE Nday
  ☆24Updated 6 months ago
• android1337 / crycall
  Compile-Time Calls Obfuscator for C++14+
  ☆34Updated 11 months ago
• 0mWindyBug / DataptrHooks
  ntoskrnl .data hooks for UM-KM communication
  ☆34Updated 5 months ago
• mrexodia / lolbin-poc
  Small PoC of using a Microsoft signed executable as a lolbin.
  ☆133Updated last year
• mzakocs / CVE-2021-21551-POC
  An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit
  ☆23Updated 3 years ago
• xsh3llsh0ck / ResilienceKit
  Another UEFI runtime bootkit
  ☆30Updated last year