☆68May 19, 2019Updated 6 years ago
Alternatives and similar repositories for bootkits
Users that are interested in bootkits are comparing it to the libraries listed below
Sorting:
- ☆35Mar 20, 2021Updated 4 years ago
- ☆110May 19, 2019Updated 6 years ago
- ☆14May 19, 2019Updated 6 years ago
- An example code of CiGetCertPublisherName☆17Mar 24, 2022Updated 3 years ago
- repository with additional materials and source code☆32Jan 18, 2017Updated 9 years ago
- Procmonel is Procmon like monitoring system implemented using Microsoft WDK☆12Dec 25, 2019Updated 6 years ago
- Will try to put here slides from now on when I give a talk☆24Oct 11, 2021Updated 4 years ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆54Dec 30, 2025Updated 2 months ago
- Lua Extension for Windbg☆21Oct 22, 2018Updated 7 years ago
- A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.☆437Aug 22, 2018Updated 7 years ago
- Full reversing of the Microsoft Auxiliary Windows API Library and ported to C☆24Dec 17, 2024Updated last year
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- POC for CVE-2023-29360☆12Aug 31, 2024Updated last year
- HTTP/HTTPS/DNS inspector (windows driver)☆27Feb 20, 2019Updated 7 years ago
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable …☆23Sep 18, 2017Updated 8 years ago
- HelloAmdHvPkg is a type-1 research hypervisor for AMD processors.☆106Jun 28, 2020Updated 5 years ago
- Intel PT log analyzer With Parallel Processing And Basic Block Offset Caching Support☆71Nov 2, 2023Updated 2 years ago
- Binary Ninja plugin that syncs WinDbg to Binary Ninja☆47Apr 13, 2018Updated 7 years ago
- Automatically exported from code.google.com/p/windbgshark☆11Jul 1, 2015Updated 10 years ago
- Dynamic Identification and Recognition Technology☆10Nov 1, 2016Updated 9 years ago
- Data and structures regarding the research done on WdFilter☆12Apr 15, 2020Updated 5 years ago
- ASM Bootkit that patches DSE at boot allowing to load unsigned drivers☆14Aug 24, 2025Updated 6 months ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆232Jul 26, 2020Updated 5 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆53Mar 12, 2024Updated last year
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Ghidra Processor Module to disassemble and decompile the x86 Intel Atom microcode☆87Mar 13, 2023Updated 2 years ago
- Skeleton project for your own GRUB-based bootkit☆17Jan 11, 2020Updated 6 years ago
- pdb's function and global vars to offset☆10Apr 11, 2023Updated 2 years ago
- Repository of different kernel drivers written while studying Windows NT Driver development☆12Apr 14, 2024Updated last year
- Zerokit shared code☆17Mar 28, 2019Updated 6 years ago
- A simple memory dumper☆12Feb 11, 2020Updated 6 years ago
- Plugins and signatures☆13Jun 11, 2019Updated 6 years ago
- Allows you to add breakpoints from IDA (from the graph/text view) to WinDbg easily☆14Oct 10, 2018Updated 7 years ago
- A windbg extension for ASLR/DEP/SafeSEH check☆28May 19, 2018Updated 7 years ago
- Zydis Python Bindings (Work In Progress)☆32Dec 20, 2021Updated 4 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 3 years ago
- Miscellaneous Code and Docs☆83Jul 12, 2025Updated 7 months ago
- Ursnif beacon decryptor☆27Mar 20, 2023Updated 2 years ago
- VDA Labs scripts for the GHIDRA reverse engineering toolset☆29Mar 8, 2019Updated 6 years ago