bi-zone / rdtsc-checkvirt-poc
Virtualization detection through speculative execution PoCs and papers
☆67Updated 6 years ago
Related projects: ⓘ
- a binary x86win32 code obfuscator using virtual machine☆32Updated 7 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆72Updated 13 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆52Updated 5 years ago
- ☆52Updated this week
- Sample project for kernel debugging automation with Vagrant☆57Updated 4 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆73Updated 9 years ago
- VMCS Auditor provides almost all of Intel's VMCS Layout checklist based on Bochs Emulator.☆32Updated 5 years ago
- ☆33Updated 3 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆49Updated 6 months ago
- This is a simple driver with x64 inline assembly☆52Updated 4 years ago
- ☆79Updated this week
- An API Monitor based on Instrumentation☆40Updated 6 years ago
- Comparison table of VMX capabilities for a bunch of processors☆12Updated 3 years ago
- An Integrity-Check Monitoring Pintool☆56Updated 3 years ago
- Malware Analysis, Anti-Analysis, and Anti-Anti-Analysis☆43Updated 7 years ago
- A DLL that performs IAT hooking☆26Updated 6 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆63Updated 4 years ago
- MSI NTIOLib/WinIO Local Privilege Escalation exploit☆88Updated 7 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆33Updated 2 months ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 8 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆100Updated 4 years ago
- Fetch PDB symbols directly from Microsoft's symbol servers☆41Updated 2 years ago
- Helper utility for debugging windows PE/PE+ loader.☆49Updated 9 years ago
- A C polymorphic and metamorphic engine☆65Updated 5 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆45Updated 3 years ago
- Analyze and attack windows applications using dll hijacking vulnerabilities☆54Updated 4 years ago
- A local copy of Alex Ionescu's seemingly abandoned native-nt-toolkit project containing knowledge inherited from the ReactOS project.☆53Updated 4 years ago
- SentinelOne's KeRnel Exploits Advanced Mitigations☆50Updated 5 years ago
- Decrement Windows Kernel for fun and profit☆38Updated 6 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 6 years ago