My notes while studying Windows exploitation
☆193Jul 25, 2023Updated 2 years ago
Alternatives and similar repositories for windows-exploitation
Users that are interested in windows-exploitation are comparing it to the libraries listed below
Sorting:
- My notes while studying Windows internals☆447Dec 9, 2024Updated last year
- Intel / AMD CPU Internals☆1,180Mar 7, 2021Updated 5 years ago
- "An Introduction to Windows Exploit Development" is an open sourced, free Windows exploit development course I created for the Southeast …☆41Apr 17, 2020Updated 5 years ago
- Small driver that uses alternative syscalls feature☆18May 9, 2024Updated last year
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆241Nov 6, 2019Updated 6 years ago
- A C++ syscall ID extractor for Windows. Developed, debugged and tested on 20H2.☆21May 25, 2021Updated 4 years ago
- Analyze Windows x64 Kernel Memory Layout☆130Nov 19, 2020Updated 5 years ago
- Kernel Detective☆151Mar 7, 2026Updated 2 weeks ago
- Offensive Assembly code snippets.☆13Jul 12, 2023Updated 2 years ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆635Jul 7, 2017Updated 8 years ago
- The Win32 Anti-Intrusion Library☆213May 30, 2019Updated 6 years ago
- This is a collection of interesting codes about Windows Process creation.☆236Jan 12, 2024Updated 2 years ago
- createfile☆50Oct 27, 2015Updated 10 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆244Sep 26, 2023Updated 2 years ago
- Various methods of executing shellcode☆74Mar 27, 2023Updated 2 years ago
- Kernel-Mode Driver that loads a dll into every new created process that loads kernel32.dll module☆421Sep 9, 2018Updated 7 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆99Jun 24, 2021Updated 4 years ago
- Collect different versions of Crucial modules.☆146Jul 11, 2024Updated last year
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆146Feb 23, 2019Updated 7 years ago
- Bypassing PatchGuard on modern x64 systems☆265Apr 9, 2023Updated 2 years ago
- NASM listing to shellcode converter☆14May 6, 2018Updated 7 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- LDE64 (relocatable) source code☆103Jun 24, 2015Updated 10 years ago
- Simple driver to register all available process, thread, image, Registry, and Object callbacks☆124Oct 5, 2017Updated 8 years ago
- windows rootkit☆60May 2, 2024Updated last year
- Application Verifier Dynamic Fault Injection☆41Jan 12, 2026Updated 2 months ago
- Analysing and defeating PatchGuard universally☆36Nov 4, 2020Updated 5 years ago
- Intel Virtualization Technology demo☆72Oct 15, 2016Updated 9 years ago
- Signtool for expired certificates☆515Jun 10, 2023Updated 2 years ago
- Simple program for static hooking dynamic libraries in executable application☆24Jan 15, 2014Updated 12 years ago
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 2 years ago
- Research on Windows Kernel Executive Callback Objects☆316Feb 22, 2020Updated 6 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆79Jan 24, 2011Updated 15 years ago
- Static library and headers for linking your software with ntdll.dll☆37Dec 16, 2019Updated 6 years ago
- idk man this was the default github name☆35Apr 23, 2023Updated 2 years ago
- Win32 and Kernel abusing techniques for pentesters☆976Sep 3, 2023Updated 2 years ago
- Useful scripts for WinDbg using the debugger data model☆429Mar 27, 2024Updated last year
- Windows system repair tool☆18Jun 2, 2021Updated 4 years ago