dr-anoroc / rawccopy
Command line utility for copying files on NTFS using low level disk access
☆32 Updated 7 months ago
Related projects
Alternatives and complementary repositories for rawccopy
- Enable / Disable LSA Protection via BYOVD ☆62 Updated 2 years ago
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot ☆59 Updated last year
- Windows kernel PDB data parsed into YAML ☆31 Updated 10 months ago
- ☆65 Updated last year
- A ready-made template for a project based on libpeconv. ☆40 Updated 2 weeks ago
- ☆27 Updated 2 years ago
- Example of building an application verifier DLL ☆45 Updated 5 months ago
- The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that are sent … ☆36 Updated 2 years ago
- Sysmon shenanigans ☆65 Updated 4 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI ☆48 Updated last year
- Small visualizer for PE files ☆67 Updated last year
- ☆76 Updated 2 months ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping ☆45 Updated 2 years ago
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH ☆43 Updated 3 years ago
- Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE) ☆20 Updated 4 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1 ☆31 Updated 2 years ago
- Minifilter Callback Patching Proof-of-Concept ☆61 Updated 2 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original… ☆92 Updated 5 years ago
- ☆67 Updated last year
- Example/starter code for custom Windows application compatibility shims ☆31 Updated 3 years ago
- An attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic. ☆85 Updated last year
- Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE ☆64 Updated last year
- DLL injection through code page ID modification in registry. Based on Jonas Lykk research ☆117 Updated last year
- A Practical example of ELAM (Early Launch Anti-Malware) ☆30 Updated 2 years ago
- ☆36 Updated 2 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting ☆183 Updated 2 years ago
- ☆105 Updated last year
- A Bumblebee-inspired Crypter ☆80 Updated last year