[ARCHIVED] Early work on Benthic (Windows Kernel Rootkit).
☆59 Aug 15, 2025 Updated 6 months ago
Alternatives and similar repositories for Bentico
Users that are interested in Bentico are comparing it to the libraries listed below
- [ARCHIVED] Early work on Abyss (Windows UEFI Bootkit). ☆41 Aug 15, 2025 Updated 6 months ago
- A curated compilation of extensive resources dedicated to bootkit and rootkit development. ☆186 Aug 9, 2025 Updated 6 months ago
- Windows UEFI Bootkit ☆85 Nov 24, 2025 Updated 3 months ago
- Automated environment setup for Bootkit & Rootkit development. ☆36 Aug 9, 2025 Updated 6 months ago
- modified mssqlclient from impacket to extract policies from the SCCM database ☆44 Feb 24, 2026 Updated last week
- BypassCredGuard CS BOF ☆51 Jan 23, 2025 Updated last year
- This repo for Windows x32-x64 Kernel/User Mode Exploitation writeups and exploits ☆24 Oct 20, 2025 Updated 4 months ago
- NTAPI hook bypass with (semi) legit stack trace ☆19 May 9, 2023 Updated 2 years ago
- Attacking the cleanup_module function of a kernel module ☆56 Jun 30, 2025 Updated 8 months ago
- An advanced library for protecting/obfuscating kernel drivers using the C++ 17 standard. ☆23 Feb 22, 2026 Updated last week
- Detect VM and Hypervisor ☆10 Jun 16, 2021 Updated 4 years ago
- A utility to download PDB files associated with a Portable Executable (PE). ☆15 Feb 18, 2025 Updated last year
- Repository to gather the BOF files I will be developing ☆11 Oct 1, 2024 Updated last year
- Tool for obtaining information about PPL processes ☆16 Feb 12, 2024 Updated 2 years ago
- A collection of cpuid instruction implementations for anti-vm purposes. ☆10 Oct 5, 2023 Updated 2 years ago
- Bypass user-land hooks by syscall tampering via the Trap Flag ☆138 Aug 25, 2025 Updated 6 months ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1 ☆77 Sep 8, 2025 Updated 5 months ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree. ☆14 Jan 28, 2022 Updated 4 years ago
- Shellcode Loader Library. ☆14 Sep 21, 2025 Updated 5 months ago
- 「⚠️」Performing a BYOVD on the truesight.sys driver ☆44 Dec 7, 2024 Updated last year
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication. ☆119 Oct 15, 2024 Updated last year
- Some fixes for debugging Windows with Windbg in Exdi mode ☆21 Aug 25, 2023 Updated 2 years ago
- ForsHops ☆59 Mar 25, 2025 Updated 11 months ago
- https://www.huorong.cn/ ☆15 Apr 16, 2024 Updated last year
- A simple tool for enumerating dynamic endpoints on a DCE/RPC remote or local endpoint mapper. ☆15 Oct 9, 2020 Updated 5 years ago
- Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction address in ntdll module by parsing the PEB of the current pr… ☆21 Jan 28, 2024 Updated 2 years ago
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ… ☆52 May 16, 2025 Updated 9 months ago
- Shellcode injection using the Windows Debugging API ☆171 Jan 4, 2026 Updated 2 months ago
- I/O Cache-As-Ram + AMD x86_64 cache line locking | Mirror of https://codeberg.org/3itch/icekit ☆18 Mar 10, 2025 Updated 11 months ago
- DiagTrack Eop (From Service Account to SYSTEM) ☆24 Jan 13, 2023 Updated 3 years ago
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques. ☆101 Jan 26, 2026 Updated last month
- Logging library for kernel drivers written for the Windows NT operating system. ☆21 Oct 17, 2025 Updated 4 months ago
- Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by s… ☆85 Dec 22, 2025 Updated 2 months ago
- Emulate Drivers in RING3 with self context mapping or unicorn ☆21 Jan 1, 2025 Updated last year
- partially disable patchguard up to win11 21H2 ☆19 Jun 3, 2024 Updated last year