adamhlt / Basic-RootkitLinks
POC Ring3 Windows Rootkit (x86 / x64) - Hide processes and files
☆55Updated last year
Alternatives and similar repositories for Basic-Rootkit
Users that are interested in Basic-Rootkit are comparing it to the libraries listed below
Sorting:
- Fud Runpe Av Evasion / All Av Bypass☆33Updated 2 years ago
- Windows API Call Obfuscation☆106Updated 2 years ago
- Header only library for obfuscation import winapi functions.☆41Updated 4 months ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆86Updated 2 years ago
- CVE-2022-3699 with arbitrary kernel code execution capability☆71Updated 2 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆157Updated 2 years ago
- Compile-Time Calls Obfuscator for C++14+☆48Updated last year
- Scan for potentially vulnerable drivers☆88Updated 3 years ago
- Various Process Injection Techniques☆148Updated 3 years ago
- PoC Anti-Rootkit/Anti-Cheat Driver.☆201Updated 2 months ago
- A simple direct syscall wrapper written in C++ with compatibility for x86 and x64 programs.☆53Updated 4 months ago
- Experiment with PAGE_GUARD protection to hide memory from other processes☆46Updated last year
- Allows you to find the use of ScyllaHide, if your program will debug and restore hooking functions bytes.☆26Updated 5 years ago
- Hide processes, files, services in Windows ring3☆25Updated last year
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆111Updated 3 years ago
- manual map unsigned driver over signed memory☆196Updated last year
- kernel to user mode APC injector☆45Updated 3 years ago
- Exploit MsIo vulnerable driver☆106Updated 3 years ago
- TS-Changer - Forces the machine in/out of TestSigning Mode at runtime.☆65Updated last year
- DSE & PG bypass via BYOVD attack☆51Updated last year
- A simple tool to assemble shellcode ready to be copy-pasted into code☆68Updated 3 years ago
- Bypassing windows uac, however its an old approach/method but its still unpatched ¯\_(ツ)_/¯☆44Updated 3 years ago
- A x64 PE Packer/Protector Developed in C++ and VisualStudio☆52Updated last year
- x64 Windows kernel driver mapper, inject unsigned driver using anycall☆160Updated last year
- Using SetWindowHookEx for preinjected DLL's☆58Updated 2 years ago
- NO WriteProcessMemory CreateRemoteThread APIs call shellcode injection☆29Updated 5 years ago
- ☆79Updated 3 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆122Updated 2 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107Updated 3 years ago
- Shellcodev is a tool designed to help and automate the process of shellcode creation.☆110Updated last year