coldpon / ring3-hidden
Hide processes, files, services in Windows ring3
☆21 Updated 5 months ago
Related projects
Alternatives and complementary repositories for ring3-hidden
- Pseudo-hiding of virtual memory by using physical memory mapping ☆72 Updated 2 years ago
- IDA Python script for generating Windows x86 shellcode with one click ☆34 Updated last year
- Shellcode generation framework ☆78 Updated 3 months ago
- Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself && ☆51 Updated 2 months ago
- A brief treatment of the autochk.sys rootkit ☆67 Updated last year
- An implementation of an indirect system call ☆116 Updated last year
- Kill Protected Process Light Process (include av) ☆54 Updated last year
- Process Injection via Component Object Model (COM) IRundown::DoCallback(). ☆53 Updated last year
- Load static-compiled PE from remote server. ☆58 Updated 2 years ago
- Windows kernel research and driver code ☆60 Updated 2 years ago
- In-memory DLL loading, supports x86 and x64 (Memory PELoader Support X86 and X64) ☆30 Updated last year
- vehsyscall: a syscall project that may bypass EDR ☆42 Updated 8 months ago
- ShadeLoader is a shellcode loader designed to bypass most antivirus software. Shellcode, antivirus software, bypass ☆37 Updated 3 months ago
- https://key08.com/index.php/2021/10/19/1375.html ☆62 Updated 2 years ago
- Hook NtDeviceIoControlFile with PatchGuard ☆101 Updated 2 years ago
- A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder. ☆34 Updated 2 months ago
- Traceless injection 1 ☆69 Updated 3 years ago
- Amazing Obfuscator; Support obfuscating ShellCode, even EXE. ☆31 Updated this week
- Universal detection of backdoors that use the AV-evasion technique of patching malicious code into legitimate (whitelisted) files ☆91 Updated 3 months ago
- CVE-2022-3699 with arbitrary kernel code execution capability ☆70 Updated last year
- Beacon compiled using clang ☆58 Updated last year
- Reverse-engineered code of the "Big Number" driver ☆65 Updated last year
- sc4cpp is a shellcode framework based on C++ ☆87 Updated 3 years ago
- Gh0st compiles successfully in the VS2019 environment ☆10 Updated 2 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem… ☆32 Updated 6 months ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆95 Updated last year
- ☆27 Updated last year
- Windows PE Signature Thief in C++ ☆50 Updated 4 years ago