dr-anoroc / rawccopy
Command line utility for copying files on NTFS using low level disk access
☆34 · Updated last year
Alternatives and similar repositories for rawccopy:
Users that are interested in rawccopy are comparing it to the libraries listed below
- Portable & Customizable Windows Defender ☆12 · Updated 3 years ago
- Windows kernel PDB data parsed into YAML ☆36 · Updated 5 months ago
- Enable / Disable LSA Protection via BYOVD ☆66 · Updated 3 years ago
- Sysmon shenanigans ☆65 · Updated 4 years ago
- ☆71 · Updated 2 years ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio… ☆56 · Updated last week
- ☆25 · Updated 2 years ago
- A ready-made template for a project based on libpeconv. ☆47 · Updated 2 months ago
- Enumerate various traits from Windows processes as an aid to threat hunting ☆187 · Updated 3 years ago
- A Bumblebee-inspired Crypter ☆80 · Updated 2 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1 ☆34 · Updated 3 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell ☆94 · Updated 2 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI ☆53 · Updated 2 years ago
- Listing UDP connections with remote address without sniffing. ☆29 · Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process ☆76 · Updated last year
- ☆70 · Updated 2 months ago
- Finding Truth in the Shadows ☆89 · Updated 2 years ago
- ☆82 · Updated 7 months ago
- Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE ☆65 · Updated last year
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules ☆49 · Updated this week
- A PoC on blocking Procmon from monitoring network events ☆101 · Updated 2 years ago
- Small visualizer for PE files ☆69 · Updated last year
- ☆23 · Updated last year
- ☆114 · Updated 2 years ago
- Minifilter Callback Patching Proof-of-Concept ☆67 · Updated 2 years ago
- Standalone Metasploit-like XOR encoder for shellcode ☆48 · Updated 11 months ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys ☆50 · Updated 2 years ago
- Windows PDB Parser using Imagehlp library. ☆16 · Updated 2 years ago
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH ☆48 · Updated 3 years ago
- SoulExtraction is a Windows driver library for extracting cert information in Windows drivers ☆22 · Updated 2 years ago