A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.
☆57Sep 20, 2022Updated 3 years ago
Alternatives and similar repositories for ANGRYORCHARD
Users that are interested in ANGRYORCHARD are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆20Oct 12, 2024Updated last year
- Finding Truth in the Shadows☆129Jan 26, 2023Updated 3 years ago
- Enumerate Callbacks and all Object Types☆16Jan 9, 2023Updated 3 years ago
- ☆17Dec 18, 2020Updated 5 years ago
- ☆198Jul 29, 2024Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ☆12Jul 12, 2022Updated 3 years ago
- ☆23Oct 15, 2024Updated last year
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…☆25Mar 26, 2020Updated 6 years ago
- ☆31Mar 9, 2024Updated 2 years ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆72Nov 11, 2025Updated 5 months ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆51Mar 22, 2023Updated 3 years ago
- Red-Teaming TempleOS.☆17Jul 29, 2022Updated 3 years ago
- Rust Implementation of SharpDllProxy for DLL Proxying Technique☆29Oct 27, 2022Updated 3 years ago
- Tool for pivoting over SMB pipes☆16Jul 20, 2019Updated 6 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- ☆568Feb 22, 2024Updated 2 years ago
- Hijack Printconfig.dll to execute shellcode☆102Jan 15, 2021Updated 5 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆160Mar 16, 2026Updated last month
- Static library and headers for linking your software with ntdll.dll☆37Dec 16, 2019Updated 6 years ago
- Using fibers to run in-memory code.☆244Oct 19, 2023Updated 2 years ago
- manually map driver for a signed driver memory space☆177Mar 11, 2021Updated 5 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆41Dec 31, 2020Updated 5 years ago
- ☆23May 8, 2023Updated 3 years ago
- BasicLDR: A Reflective DLL Loader☆14Jun 11, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Virtual and physical memory hacking library using gigabyte vulnerable driver☆70Mar 16, 2026Updated last month
- POC Hook of nt!HvcallCodeVa☆55May 8, 2023Updated 3 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆244Sep 26, 2023Updated 2 years ago
- Translate virtual addresses to physical addresses from usermode.☆123Jun 7, 2024Updated last year
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆25Jul 5, 2023Updated 2 years ago
- The program is intended for a dynamic unpacking of binders, crypters, packers and protectors☆13Sep 26, 2020Updated 5 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…☆138Mar 3, 2025Updated last year
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD☆28Jan 4, 2024Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks☆420Jul 4, 2025Updated 10 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆360Aug 11, 2024Updated last year
- Select any exported function in a dll as the new dll's entry point.☆82Oct 25, 2024Updated last year
- ☆10Apr 19, 2026Updated 2 weeks ago
- EDRSandblast-GodFault☆272Aug 28, 2023Updated 2 years ago
- UEFI bootkit: Hardware Implant. In-Progress☆15Mar 7, 2022Updated 4 years ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Jan 25, 2025Updated last year