dr-anoroc / rawccopy

Related projects ⓘ

Alternatives and complementary repositories for rawccopy

• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆62Updated 2 years ago
• realoriginal / bootdoor
  An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot
  ☆59Updated last year
• VergiliusProject / kernels-data
  Windows kernel PDB data parsed into YAML
  ☆31Updated 10 months ago
• jonaslyk / temp
  ☆65Updated last year
• hasherezade / libpeconv_tpl
  A ready-made template for a project based on libpeconv.
  ☆40Updated 2 weeks ago
• 0xMegaByte / COM-Explained
  ☆27Updated 2 years ago
• zodiacon / VerifierDLL
  Example of building an application verifer DLL
  ☆45Updated 5 months ago
• nccgroup / mimikatz-detector-condrv
  The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent …
  ☆36Updated 2 years ago
• NtRaiseHardError / Sysmon
  Sysmon shenanigans
  ☆65Updated 4 years ago
• worawit / malk
  Demonstrate calling a kernel function and handle process creation callback against HVCI
  ☆48Updated last year
• hasherezade / pe2pic
  Small visualizator for PE files
  ☆67Updated last year
• LloydLabs / process-enumeration-stealth
  ☆76Updated 2 months ago
• Hagrid29 / herpaderply_hollowing
  Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
  ☆45Updated 2 years ago
• benheise / TitanLdr
  Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
  ☆43Updated 3 years ago
• ASkyeye / CVE-2018-19320
  Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)
  ☆20Updated 4 years ago
• pr0tean / TelemetrySourcerer-patched
  Tiny driver patch to allow kernel callbacks to work on Win10 21h1
  ☆31Updated 2 years ago
• alfarom256 / MCP-PoC
  Minifilter Callback Patching Proof-of-Concept
  ☆61Updated 2 years ago
• jackullrich / TRunPE
  A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…
  ☆92Updated 5 years ago
• elastic / PPLGuard
  ☆67Updated last year
• Fleex255 / CustomShim
  Example/starter code for custom Windows application compatibility shims
  ☆31Updated 3 years ago
• realoriginal / blacklotus
  A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.
  ☆85Updated last year
• Dump-GUY / sc2pe
  Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
  ☆64Updated last year
• NtQuerySystemInformation / NlsCodeInjectionThroughRegistry
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆117Updated last year
• 7eRoM / elam
  A Practical example of ELAM (Early Launch Anti-Malware)
  ☆30Updated 2 years ago
• aaaddress1 / dnLauncher
  ☆36Updated 2 years ago
• nccgroup / DetectWindowsCopyOnWriteForAPI
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆183Updated 2 years ago
• RedTeamOperations / VEH-PoC
  ☆105Updated last year
• knight0x07 / BumbleCrypt
  A Bumblebee-inspired Crypter
  ☆80Updated last year