amitschendel / venom-rootkit

Related projects ⓘ

Alternatives and complementary repositories for venom-rootkit

• MahmoudZohdy / Process-Injection-Techniques
  Various Process Injection Techniques
  ☆143Updated 2 years ago
• shaygitub / windows-rootkit
  windows rootkit
  ☆51Updated 6 months ago
• xenoscr / manual-syscall-detect
  A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
  ☆105Updated 2 years ago
• 4l3x777 / dse_pg_bypass
  DSE & PG bypass via BYOVD attack
  ☆37Updated 7 months ago
• zer0condition / Demystifying-PatchGuard
  Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…
  ☆106Updated last year
• Tserith / Parasite
  Compact MBR Bootkit for Windows
  ☆44Updated 2 years ago
• mike1k / ImportCallObfuscator
  Obfuscate calls to imports by patching in stubs
  ☆64Updated 3 years ago
• estimated1337 / lenovo_exec
  CVE-2022-3699 with arbitrary kernel code execution capability
  ☆70Updated last year
• zer0condition / ZeroThreadKernel
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆154Updated last year
• eversinc33 / unKover
  PoC Anti-Rootkit/Anti-Cheat Driver.
  ☆160Updated 2 months ago
• void-stack / Hypervisor-Detection
  Detects virtual machines and malware analysis environments
  ☆115Updated 2 years ago
• irql / CVE-2021-31728
  vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.
  ☆89Updated 3 years ago
• kkent030315 / MsIoExploit
  Exploit MsIo vulnerable driver
  ☆83Updated 3 years ago
• 1hAck-0 / zeroimport
  ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…
  ☆46Updated last year
• XaFF-XaFF / Shellcodev
  Shellcodev is a tool designed to help and automate the process of shellcode creation.
  ☆100Updated last year
• jdu2600 / CFG-FindHiddenShellcode
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆100Updated last year
• SamuelTulach / PwnedBoot
  Using Windows' own bootloader as a shim to bypass Secure Boot
  ☆142Updated 4 months ago
• PI-Defender / pi-defender
  Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.
  ☆148Updated 2 years ago
• GetRektBoy724 / DCMB
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆224Updated 4 months ago
• helloobaby / spoofcall
  spoof return address
  ☆70Updated last year
• aaaddress1 / wowGrail
  PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
  ☆102Updated 3 years ago
• VollRagm / ShellcodeBakery
  A simple tool to assemble shellcode ready to be copy-pasted into code
  ☆64Updated 2 years ago
• Hemogl0bin / drvscanner
  Scan for potentially vulnerable drivers
  ☆80Updated 2 years ago
• m417z / LdrDllNotificationHook
  Hook all callbacks which are registered with LdrRegisterDllNotification
  ☆83Updated last year
• alfarom256 / CVE-2022-3699
  Lenovo Diagnostics Driver EoP - Arbitrary R/W
  ☆169Updated last year
• TheAenema / hm-pe-packer
  A x64 PE Packer/Protector Developed in C++ and VisualStudio
  ☆50Updated last year
• Flerov / TS-Changer
  TS-Changer - Forces the machine in/out of TestSigning Mode at runtime.
  ☆64Updated last year
• samshine / ScyllaHideDetector2
  Allows you to find the use of ScyllaHide, if your program will debug and restore hooking functions bytes.
  ☆24Updated 5 years ago
• 66flags / inline-syscall
  A simple direct syscall wrapper written in C++ with compatibility for x86 and x64 programs.
  ☆42Updated last year
• DanielAvinoam / TheSubZeroProject
  A multi-staged malware that contains a kernel mode rootkit and a remote system shell.
  ☆69Updated 3 years ago