TheMalwareGuardian / Bootkits-Rootkits-Development-EnvironmentLinks
Automated environment setup for Bootkit & Rootkit development.
☆34Updated 5 months ago
Alternatives and similar repositories for Bootkits-Rootkits-Development-Environment
Users that are interested in Bootkits-Rootkits-Development-Environment are comparing it to the libraries listed below
Sorting:
- Payload Obfuscation for Red Teams workshop materials☆78Updated 2 months ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Updated 9 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115Updated 2 years ago
- Easy encrypt/decrypt data with TPM☆25Updated last year
- Windows UEFI Bootkit☆78Updated 2 months ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆70Updated 4 months ago
- Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)☆54Updated 7 months ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Updated 10 months ago
- Virtual Trust Level (VTL 1) secure call tracing☆86Updated 5 months ago
- Finding Truth in the Shadows☆120Updated 3 years ago
- A few examples of how to trap virtual memory access on Windows.☆39Updated last year
- Reimplementation of the KExecDD DSE bypass technique.☆57Updated last year
- Intel 64/Windows low-level experiments☆63Updated 5 months ago
- SysCaller: SDK for WindowsAPI via syscalls. Dynamic Resolution, Obfuscation, Multi-Language Bindings, & more!☆51Updated 2 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆81Updated 7 months ago
- Code samples that serve as references for Windows API functions☆77Updated last year
- Next gen process injection technique☆54Updated 5 years ago
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev""☆14Updated 10 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆120Updated last year
- Leaking kernel addresses from ETW consumers. Requires Administrator privileges.☆89Updated 2 months ago
- ☆52Updated 10 months ago
- Minifilter Callback Patching Proof-of-Concept☆73Updated 3 years ago
- "Service-less" driver loading☆166Updated last year
- Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.☆67Updated 2 months ago
- Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.☆66Updated this week
- All LLVM binaries scrambled with SigBreaker and used to test against llvm-lit☆25Updated 8 months ago
- PoC for popping a system shell against the LnvMSRIO.sys driver☆117Updated 3 months ago
- ☆60Updated 9 months ago
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆34Updated 3 years ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆92Updated 6 months ago