ZeroMemoryEx / KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
☆11Updated last year
Related projects ⓘ
Alternatives and complementary repositories for KasperskyHook
- Thread Execution Hijacking technique☆34Updated 2 years ago
- C++ PowerShell dropper☆21Updated 2 years ago
- x86 Trampoline Hook☆37Updated 2 years ago
- Detect API Hooks☆68Updated 2 years ago
- using the Recycle Bin to insure persistence☆11Updated 2 years ago
- Code injection via ZwCreateSection, ZwUnmapViewOfSection. C++ example☆17Updated 2 years ago
- a collection of elf file infectors☆27Updated 3 years ago
- Listing UDP connections with remote address without sniffing.☆30Updated last year
- XOrCryptEx lightweight C Utility/Algorithm☆11Updated 2 years ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆42Updated last year
- ☆22Updated last year
- Allows you to find the use of ScyllaHide, if your program will debug and restore hooking functions bytes.☆23Updated 5 years ago
- UEFI bootkit: Hardware Implant. In-Progress☆11Updated 2 years ago
- silence file system monitoring components by hooking their minifilters☆51Updated 9 months ago
- Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules.☆18Updated last year
- A manual PE mapping implementation, aka reflective loader☆17Updated 2 years ago
- Anti-Analysis technique, trick the debugger by Hiding events from it.☆18Updated 3 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆24Updated 2 years ago
- Phantom DLL Hollowing method implemented in modmap☆17Updated 3 years ago
- Malware persistence via COM DLL hijacking. C++ implementation example☆13Updated 2 years ago
- An attempt at reversing WindowsDefender☆20Updated last month
- user-mode Rootkit☆98Updated 2 years ago
- ☆29Updated 2 years ago
- Injects position-dependent code into a code cave in an executable file, and applies relocations.☆19Updated last year
- kernel to user mode APC injector☆43Updated 2 years ago
- x64 Windows privilege elevation using anycall☆20Updated 3 years ago