bluesadi / Heavens-Gate

Related projects ⓘ

Alternatives and complementary repositories for Heavens-Gate

• cs1ime / DICHook
  Hook NtDeviceIoControlFile with PatchGuard
  ☆101Updated 2 years ago
• windpiaoxue / sc4cpp
  sc4cpp is a shellcode framework based on C++
  ☆87Updated 3 years ago
• A-Normal-User / Pretend_HideVirtualMemory
  利用物理内存映射，实现虚拟内存的伪隐藏
  ☆73Updated 2 years ago
• aaaddress1 / wowGrail
  PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
  ☆102Updated 3 years ago
• D0pam1ne705 / Direct-NtCreateUserProcess
  Call NtCreateUserProcess directly as normal.
  ☆66Updated 2 years ago
• DragonQuestHero / WindowsSyscallsEx
  Quick check of NT kernel exported&unexported functions/global variable offset NT内核导出以及未导出函数+全局变量偏移速查
  ☆91Updated last year
• WINGS2709 / 360Safe
  大数字驱动逆向代码
  ☆65Updated last year
• huoji120 / Etw-Syscall
  https://key08.com/index.php/2021/10/19/1375.html
  ☆62Updated 2 years ago
• Rhydon1337 / windows-kernel-file-delete
  Force a file delete using a windows kernel driver
  ☆61Updated 2 years ago
• Jhinxs / ntoskrnl
  收集常用windows版本内核文件
  ☆31Updated last year
• jdu2600 / CFG-FindHiddenShellcode
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆100Updated last year
• zzhouhe / VM_Analyze
  ☆77Updated 3 years ago
• Flawww / ObfuscatedJumpGenerator
  Dynamically generated obfuscated jumps and/or function calls
  ☆33Updated last year
• stdhu / windows-kernel-pagehook
  windows kernel pagehook
  ☆38Updated 2 years ago
• jdu2600 / EtwTi-FluctuationMonitor
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆95Updated last year
• DragonQuestHero / WindowsKernelPrivateSymbolsDump
  Win7内核私有符号结构转储
  ☆64Updated 3 years ago
• Oxygen1a1 / DrvMon
  a monitoring windows driver calls kernel api tools
  ☆94Updated 4 months ago
• estimated1337 / lenovo_exec
  CVE-2022-3699 with arbitrary kernel code execution capability
  ☆70Updated last year
• IcEy-999 / Kernel-Special-APC-ReadProcessMemory
  Example of reading process memory through kernel special APC
  ☆98Updated last year
• Hipepper / antiVM
  Ida pro plugin. The antiVM aims to quickly identify anti-virtual machine and anti-sandbox behavior. This can speed up malware analysis.
  ☆37Updated 2 years ago
• FaEryICE / MemScanner
  Analyze Windows x64 Kernel Memory Layout
  ☆121Updated 4 years ago
• ilovecsad / Ark
  ☆80Updated 2 years ago
• Oxygen1a1 / callstack_spoof
  ☆118Updated last year
• DragonQuestHero / DwmDraw
  不使用3环挂钩进行DWM桌面绘制
  ☆78Updated 2 years ago
• DearXiaoGui / InfinityHookPro-main
  ☆52Updated 2 years ago
• FiYHer / driver_callback_bypass_1909
  研究和移除各种内核回调,在anti anti cheat的路上越走越远
  ☆167Updated 2 years ago
• AimiP02 / BronyaObfus
  整合Pluto-Obfuscator和goron部分混淆，移植到LLVM-16.0.x，使用NewPassManager
  ☆113Updated last year
• huoji120 / MakeInfinityHookGreatAgain
  让Etwhook再次伟大! Make InfinityHook Great Again!
  ☆124Updated 3 years ago
• Rythorndoran / PageTableHook
  ☆125Updated last year
• zhutingxf / InfinityHookPro
  InfinityHook 支持Win7 到 Win11 最新版本，虚拟机环境及物理机环境
  ☆34Updated last month