☆110May 19, 2019Updated 6 years ago
Alternatives and similar repositories for rootkits
Users that are interested in rootkits are comparing it to the libraries listed below
Sorting:
- ☆68May 19, 2019Updated 6 years ago
- ☆35Mar 20, 2021Updated 4 years ago
- ☆14May 19, 2019Updated 6 years ago
- Data and structures regarding the research done on WdFilter☆12Apr 15, 2020Updated 5 years ago
- Parsers for custom malware formats ("Funky malware formats")☆98Jan 8, 2022Updated 4 years ago
- The Windows Kernel Programming book samples☆666Sep 25, 2023Updated 2 years ago
- Call 32bit NtDLL API directly from WoW64 Layer☆62Nov 18, 2020Updated 5 years ago
- An example code of CiGetCertPublisherName☆17Mar 24, 2022Updated 3 years ago
- Headers for linking your software with ntdll.dll☆15Nov 4, 2020Updated 5 years ago
- Malware monitor template based on MinHook☆17Mar 29, 2015Updated 10 years ago
- Will try to put here slides from now on when I give a talk☆24Oct 11, 2021Updated 4 years ago
- Windows CIFS/SMB packet generation and SMB networking library☆12Aug 25, 2020Updated 5 years ago
- Demonstrate the new FileDispositionInfoEx behavior☆15Nov 6, 2017Updated 8 years ago
- POC viruses I have created to demo some ideas☆59Apr 12, 2020Updated 5 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Rootkit breaker - experimental Linux anti-rootkit tool based on kprobes☆12Sep 30, 2020Updated 5 years ago
- A windows kernel driver to Block symbolic link exploit used for privilege escalation.☆15Jul 30, 2020Updated 5 years ago
- HTTP/HTTPS/DNS inspector (windows driver)☆27Feb 20, 2019Updated 7 years ago
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable …☆23Sep 18, 2017Updated 8 years ago
- Script and metasploit module for CVE-2018-15982☆11Aug 12, 2020Updated 5 years ago
- Analysis and Modification Tool for Executables☆17Mar 28, 2019Updated 6 years ago
- ☆39Oct 29, 2020Updated 5 years ago
- MalUnpack companion driver☆99Jun 17, 2024Updated last year
- ☆76Sep 30, 2021Updated 4 years ago
- Hansel - a simple but flexible search for IDA☆26Jul 11, 2019Updated 6 years ago
- StrongVM is a virtualizing protector for .NET applications.☆29Nov 25, 2022Updated 3 years ago
- CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit☆25Sep 4, 2018Updated 7 years ago
- Simple library to handle PE files loading, relocating, get/set data, ..., in addition to process handling☆32Aug 7, 2019Updated 6 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆232Jul 26, 2020Updated 5 years ago
- Window Executable file Function tracer using Debugging API☆44Sep 26, 2019Updated 6 years ago
- 2018 Advent Calendar browser pwnables☆15Feb 14, 2019Updated 7 years ago
- Detour library (x64 and x86 compatible)☆13Dec 15, 2020Updated 5 years ago
- Basic Deobfuscator for SaintFuscator, Using CCFlow with this tool is recommended☆16Jun 4, 2021Updated 4 years ago
- neat way to detect memory read using nt layer function.☆14Aug 4, 2023Updated 2 years ago
- A way to detect DBI frameworks, Debuggers and VMs.☆24Nov 17, 2020Updated 5 years ago
- Yet another variant of Process Hollowing☆458Jul 31, 2025Updated 7 months ago
- An automatic tool for fixing dumped PE files☆42Jul 28, 2020Updated 5 years ago
- ☆165Sep 18, 2021Updated 4 years ago