benheise/ANGRYORCHARD external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

benheise/ANGRYORCHARD

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/benheise/ANGRYORCHARD)

Close

benheise / ANGRYORCHARDView on GitHubMore

• External links
• Readme badge

A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.

☆55Sep 20, 2022Updated 3 years ago

Alternatives and similar repositories for ANGRYORCHARD

Users that are interested in ANGRYORCHARD are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• TheCruZ / WSCLib

  View on GitHub
  ☆20Oct 12, 2024Updated last year
• gabriellandau / ShadowStackWalk

  View on GitHub
  Finding Truth in the Shadows
  ☆125Jan 26, 2023Updated 3 years ago
• Flerov / EAKC-EnumAllKernelCallbacks

  View on GitHub
  Enumerate Callbacks and all Object Types
  ☆16Jan 9, 2023Updated 3 years ago
• stuxnet147 / luna-1

  View on GitHub
  ☆17Dec 18, 2020Updated 5 years ago
• gabriellandau / ItsNotASecurityBoundary

  View on GitHub
  ☆195Jul 29, 2024Updated last year
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• stuxnet147 / Known-Driver-Mappers

  View on GitHub
  ☆12Jul 12, 2022Updated 3 years ago
• iqrw0 / DieDMAProtection

  View on GitHub
  ☆29Mar 9, 2024Updated 2 years ago
• TheCruZ / SigMaker-x64

  View on GitHub
  ☆23Oct 15, 2024Updated last year
• bharadwajyas / ppdump-public

  View on GitHub
  Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…
  ☆25Mar 26, 2020Updated 6 years ago
• Teach2Breach / noldr

  View on GitHub
  Dynamically resolve API function addresses at runtime in a secure manner.
  ☆73Nov 11, 2025Updated 4 months ago
• 1hAck-0 / zeroimport

  View on GitHub
  ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…
  ☆50Mar 22, 2023Updated 3 years ago
• eversinc33 / OffensiveHolyC

  View on GitHub
  Red-Teaming TempleOS.
  ☆17Jul 29, 2022Updated 3 years ago
• aancw / DllProxy-rs

  View on GitHub
  Rust Implementation of SharpDllProxy for DLL Proxying Technique
  ☆29Oct 27, 2022Updated 3 years ago
• mis-team / rsockspipe

  View on GitHub
  Tool for pivoting over SMB pipes
  ☆16Jul 20, 2019Updated 6 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• gabriellandau / PPLFault

  View on GitHub
  ☆564Feb 22, 2024Updated 2 years ago
• RedSection / printjacker

  View on GitHub
  Hijack Printconfig.dll to execute shellcode
  ☆101Jan 15, 2021Updated 5 years ago
• zer0condition / ZeroThreadKernel

  View on GitHub
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆160Mar 16, 2026Updated last week
• JKornev / NTlib

  View on GitHub
  Static library and headers for linking your software with ntdll.dll
  ☆37Dec 16, 2019Updated 6 years ago
• Kudaes / Fiber

  View on GitHub
  Using fibers to run in-memory code.
  ☆243Oct 19, 2023Updated 2 years ago
• ekknod / sumap

  View on GitHub
  manually map driver for a signed driver memory space
  ☆176Mar 11, 2021Updated 5 years ago
• aaaddress1 / masqueradeCmdline

  View on GitHub
  A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.
  ☆41Dec 31, 2020Updated 5 years ago
• 1401199262 / HookHvcallCodeVa

  View on GitHub
  ☆23May 8, 2023Updated 2 years ago
• AlionGreen / BasicLDR

  View on GitHub
  BasicLDR: A Reflective DLL Loader
  ☆14Jun 11, 2024Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• jonomango / superfetch

  View on GitHub
  Translate virtual addresses to physical addresses from usermode.
  ☆112Jun 7, 2024Updated last year
• zer0condition / GDRVLib

  View on GitHub
  Virtual and physical memory hacking library using gigabyte vulnerable driver
  ☆70Mar 16, 2026Updated last week
• xu-Wan / HypercallPageHook

  View on GitHub
  POC Hook of nt!HvcallCodeVa
  ☆54May 8, 2023Updated 2 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆244Sep 26, 2023Updated 2 years ago
• HaydoW / NerfDefender

  View on GitHub
  BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
  ☆24Jul 5, 2023Updated 2 years ago
• fobricia / QuickUnpack

  View on GitHub
  The program is intended for a dynamic unpacking of binders, crypters, packers and protectors
  ☆13Sep 26, 2020Updated 5 years ago
• alfarom256 / UserVAtoPhysical

  View on GitHub
  Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address
  ☆23Nov 22, 2021Updated 4 years ago
• Signal-Labs / iat_unhook_sample

  View on GitHub
  (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…
  ☆138Mar 3, 2025Updated last year
• trustedsec / Windows-MS-LSAT-RPC-Example

  View on GitHub
  Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD
  ☆28Jan 4, 2024Updated 2 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• VoidSec / DriverBuddyReloaded

  View on GitHub
  Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
  ☆414Jul 4, 2025Updated 8 months ago
• klezVirus / DriverJack

  View on GitHub
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆361Aug 11, 2024Updated last year
• Kudaes / CustomEntryPoint

  View on GitHub
  Select any exported function in a dll as the new dll's entry point.
  ☆82Oct 25, 2024Updated last year
• gabriellandau / EDRSandblast-GodFault

  View on GitHub
  EDRSandblast-GodFault
  ☆271Aug 28, 2023Updated 2 years ago
• benheise / bootkit

  View on GitHub
  UEFI bootkit: Hardware Implant. In-Progress
  ☆15Mar 7, 2022Updated 4 years ago
• Teach2Breach / snapinject_rs

  View on GitHub
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆50Jan 25, 2025Updated last year
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆375May 24, 2022Updated 3 years ago