aaaddress1 / ntkrnlProtectScan
One Click Tool to Scan All the Enabled Protection of current Windows NT Kernel
β43Updated 11 months ago
Related projects: β
- Windows AppLocker Driver (appid.sys) LPEβ30Updated last month
- π‘οΈ A multi-user malleable C2 framework targeting Windows. Written in C++ and Pythonβ36Updated 6 months ago
- β23Updated 10 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)β22Updated 3 months ago
- β26Updated 2 months ago
- β23Updated 4 months ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driverβ51Updated 11 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.β41Updated 6 months ago
- β55Updated this week
- Simple PoC to locate hooked functions by EDR in ntdll.dllβ31Updated last year
- Your NTDLL vaccine from modern direct syscall methods.β35Updated 2 years ago
- An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe componentβ11Updated last year
- Enumerate Callbacks and all Object Typesβ13Updated last year
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modulesβ41Updated last year
- Persistence via Shell Extensionsβ60Updated last year
- Reimplementation of the KExecDD DSE bypass technique.β42Updated last week
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information classβ24Updated last year
- API Hammering with C++20β34Updated 2 years ago
- A POC of a new βthreadlessβ process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and reβ¦β18Updated last year
- Research of modifying exported function names at runtime (C/C++, Windows)β16Updated 3 months ago
- Various methods of executing shellcodeβ67Updated last year
- Classic Process Injection with Memory Evasion Techniques implemantationβ64Updated 10 months ago
- β33Updated last year
- This program is used to perform reflective DLL Injection to a remote process specified by the user.β61Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.β69Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loaderβ34Updated 9 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.β52Updated last month
- the Open Source and Pure C++ Packer for eXecutablesβ18Updated last year
- PoC exploit for HP Hardware Diagnostic's EtdSupp driverβ50Updated last year
- Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed byβ¦β14Updated 4 months ago