adamhlt / Basic-RootkitLinks
POC Ring3 Windows Rootkit (x86 / x64) - Hide processes and files
☆54Updated last year
Alternatives and similar repositories for Basic-Rootkit
Users that are interested in Basic-Rootkit are comparing it to the libraries listed below
Sorting:
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated 2 years ago
- Fud Runpe Av Evasion / All Av Bypass☆33Updated 2 years ago
- manual map unsigned driver over signed memory☆187Updated last year
- ☆57Updated last year
- PoC Anti-Rootkit/Anti-Cheat Driver.☆197Updated last month
- kernel to user mode APC injector☆44Updated 3 years ago
- CVE-2022-3699 with arbitrary kernel code execution capability☆70Updated 2 years ago
- Scan for potentially vulnerable drivers☆87Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆85Updated 2 years ago
- Kernel<->Usermode shared memory communcation using manually mapped driver☆19Updated 3 years ago
- Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume thread…☆160Updated last year
- DSE & PG bypass via BYOVD attack☆51Updated last year
- simple user-mode Rootkit☆105Updated 2 years ago
- Windows API Call Obfuscation☆104Updated 2 years ago
- A simple direct syscall wrapper written in C++ with compatibility for x86 and x64 programs.☆50Updated 3 months ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆47Updated 2 years ago
- TS-Changer - Forces the machine in/out of TestSigning Mode at runtime.☆65Updated last year
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆121Updated 2 years ago
- Header only library for obfuscation import winapi functions.☆40Updated 3 months ago
- driver manual mapper powered by https://github.com/estimated1337/lenovo_exec☆111Updated 2 years ago
- spoof return address☆75Updated 2 years ago
- Process Hollowing in C++ (x86 / x64) - Process PE image replacement☆151Updated last year
- x64 Windows kernel driver mapper, inject unsigned driver using anycall☆159Updated last year
- Shellcodev is a tool designed to help and automate the process of shellcode creation.☆110Updated last year
- Virtual and physical memory hacking library using gigabyte vulnerable driver☆70Updated 2 years ago
- Hide processes, files, services in Windows ring3☆25Updated last year
- ☆45Updated 4 months ago
- Allows you to find the use of ScyllaHide, if your program will debug and restore hooking functions bytes.☆26Updated 5 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆106Updated 3 years ago
- Compact MBR Bootkit for Windows☆53Updated 3 years ago