connormcgarr / SkBridgeLinks
Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1
☆70Updated 4 months ago
Alternatives and similar repositories for SkBridge
Users that are interested in SkBridge are comparing it to the libraries listed below
Sorting:
- Virtual Trust Level (VTL 1) secure call tracing☆86Updated 5 months ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Updated 10 months ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆79Updated 3 years ago
- Report and exploit of CVE-2024-21305.☆38Updated 2 years ago
- An example of how to use Microsoft Windows Warbird technology☆30Updated 2 years ago
- WinDbg plugin to trace module transitions from a debugged driver.☆38Updated last month
- Easy encrypt/decrypt data with TPM☆25Updated last year
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆49Updated last year
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆46Updated 3 years ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆92Updated 6 months ago
- Finding Truth in the Shadows☆120Updated 3 years ago
- A few examples of how to trap virtual memory access on Windows.☆39Updated last year
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆50Updated last month
- An x64dbg plugin which helps make sense of long C++ symbols☆59Updated 2 years ago
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev""☆14Updated 10 months ago
- Intel 64/Windows low-level experiments☆63Updated 5 months ago
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering☆42Updated 7 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆81Updated 7 months ago
- Minimalistic HTTP(S) client for the NT kernel☆61Updated 2 months ago
- All LLVM binaries scrambled with SigBreaker and used to test against llvm-lit☆25Updated 8 months ago
- Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.☆66Updated last week
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Updated 9 months ago
- Generate a PDB file given the old PDB file and an address mapping☆51Updated 6 months ago
- WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API☆26Updated 3 years ago
- ☆35Updated 2 years ago
- Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by s…☆73Updated last month
- ☆52Updated 10 months ago
- A set of LLVM and GCC based plugins that perform code obfuscation.☆138Updated 3 months ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆96Updated 10 months ago
- Example of building an application verifer DLL☆51Updated last year