dr-anoroc / rawccopy

Related projects ⓘ

Alternatives and complementary repositories for rawccopy

• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆62Updated 2 years ago
• LloydLabs / process-enumeration-stealth
  ☆76Updated 2 months ago
• NtRaiseHardError / Sysmon
  Sysmon shenanigans
  ☆65Updated 4 years ago
• lilkui / runasti
  Runs programs as TrustedInstaller
  ☆48Updated 5 years ago
• therealdreg / dregate
  call gates as stable comunication channel for NT x86 and Linux x86_64
  ☆30Updated last year
• Maff1t / WindowsPermsPoC
  A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows
  ☆52Updated 3 years ago
• NtQuerySystemInformation / NlsCodeInjectionThroughRegistry
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆117Updated last year
• realoriginal / bootdoor
  An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot
  ☆59Updated last year
• WithSecureLabs / TickTock
  ☆104Updated 2 years ago
• LloydLabs / dearg-thread-ipc-stealth
  A novel technique to communicate between threads using the standard ETHREAD structure
  ☆110Updated 3 years ago
• VergiliusProject / kernels-data
  Windows kernel PDB data parsed into YAML
  ☆31Updated last week
• jackullrich / TRunPE
  A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…
  ☆92Updated 5 years ago
• worawit / malk
  Demonstrate calling a kernel function and handle process creation callback against HVCI
  ☆48Updated last year
• hoangprod / DanSpecial
  Weaponizing Gigabyte driver for priv escalation and bypass PPL
  ☆68Updated 5 years ago
• Cobalt-Strike / ProxyDLLExample
  code for the Proxy DLL example blog post
  ☆58Updated 3 years ago
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆88Updated 5 months ago
• uvbs / NT-APC-Injector
  APC DLL Injector with NtQueueApcThread and wake up thread support
  ☆44Updated 7 years ago
• 0xMegaByte / COM-Explained
  ☆27Updated 2 years ago
• nccgroup / mimikatz-detector-condrv
  The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent …
  ☆36Updated 2 years ago
• daem0nc0re / SharpWnfSuite
  C# Utilities for Windows Notification Facility
  ☆125Updated 6 months ago
• pr0tean / TelemetrySourcerer-patched
  Tiny driver patch to allow kernel callbacks to work on Win10 21h1
  ☆31Updated 2 years ago
• elastic / PPLGuard
  ☆67Updated last year
• jonaslyk / temp
  ☆65Updated last year
• uf0o / windows-ps-callbacks-experiments
  Files for http://blog.deniable.org/posts/windows-callbacks/
  ☆67Updated 2 years ago
• ionescu007 / hazmat5
  Local OXID Resolver (LCLOR) : Research and Tooling
  ☆33Updated 3 years ago
• Coldzer0 / TinyPDBParser
  Windows PDB Parser using Imagehlp library.
  ☆16Updated 2 years ago
• alfarom256 / MCP-PoC
  Minifilter Callback Patching Proof-of-Concept
  ☆62Updated 2 years ago
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆84Updated last year
• aaaddress1 / dnLauncher
  ☆36Updated 2 years ago