benheise / bootkit
UEFI bootkit: Hardware Implant. In-Progress
☆13Updated 2 years ago
Alternatives and similar repositories for bootkit:
Users that are interested in bootkit are comparing it to the libraries listed below
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆52Updated 2 years ago
- A native Windows library for intercepting kernel-to-user transitions using instrumentation callbacks☆17Updated last year
- Another UEFI runtime bootkit☆29Updated last year
- ☆26Updated 3 years ago
- ☆58Updated 2 years ago
- An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit☆24Updated 3 years ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆48Updated last year
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated last year
- silence file system monitoring components by hooking their minifilters☆54Updated last year
- Bypassing kernel patch protection runtime☆19Updated 2 years ago
- Compact MBR Bootkit for Windows☆45Updated 3 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- SoulExtraction is a windows driver library for extracting cert information in windows drivers☆21Updated 2 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆24Updated 3 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Updated 2 years ago
- windows rootkit☆58Updated 9 months ago
- kernel to user mode APC injector☆44Updated 2 years ago
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆26Updated 2 years ago
- research revolving the windows filtering platform callout mechanism☆27Updated 8 months ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system☆54Updated 3 years ago
- 2022 Updated Kernelmode-Code☆31Updated 10 months ago
- Hooking Shadow and normal SSDT with Kaspersky Hypervisor and abusing alignment☆23Updated 4 years ago
- Next gen process injection technique☆44Updated 4 years ago
- Allows you to find the use of ScyllaHide, if your program will debug and restore hooking functions bytes.☆24Updated 5 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆84Updated 2 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1☆34Updated 3 years ago
- Compileable POC of namazso's x64 return address spoofer.☆51Updated 4 years ago
- Tool to dump EFI runtime drivers.☆35Updated 11 months ago
- bootkit驱动映射,三环进程注入加载指定模块☆13Updated 4 months ago
- Report and exploit of CVE-2024-21305.☆34Updated last year