dr-anoroc / rawccopyLinks
Command line utility for copying files on NTFS using low level disk access
☆37Updated last year
Alternatives and similar repositories for rawccopy
Users that are interested in rawccopy are comparing it to the libraries listed below
Sorting:
- Sysmon shenanigans☆66Updated 5 years ago
- Windows kernel PDB data parsed into YAML☆41Updated 11 months ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆35Updated 3 years ago
- Runs programs as TrustedInstaller☆49Updated 6 years ago
- ☆71Updated 2 years ago
- A ready-made template for a project based on libpeconv.☆50Updated 8 months ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆114Updated 4 years ago
- ☆70Updated 8 months ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆98Updated 6 years ago
- Small visualizator for PE files☆70Updated 2 years ago
- The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent …☆40Updated 3 years ago
- ☆26Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆189Updated 3 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆69Updated 6 years ago
- ☆83Updated last year
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆144Updated 5 years ago
- Windows user-land hooks manipulation tool.☆145Updated 4 years ago
- ☆63Updated last year
- Run Processes as PPL with ELAM☆173Updated 3 years ago
- MalUnpack companion driver☆97Updated last year
- 2022 Updated Kernelmode-Code☆33Updated last year
- ☆84Updated 3 years ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆53Updated 4 years ago
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆118Updated 2 years ago
- Clone running process with ZwCreateProcess☆58Updated 4 years ago
- A small library helping to parse commandline parameters (for C/C++)☆58Updated 5 months ago
- A cross-platform Python toolkit for parsing/writing PE files.☆66Updated last year
- Enabled / Disable LSA Protection via BYOVD☆78Updated 3 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/☆121Updated 6 years ago
- Detours implementation (x64/x86) which used only ntdll import☆89Updated last week