dr-anoroc / rawccopyLinks
Command line utility for copying files on NTFS using low level disk access
☆36Updated last year
Alternatives and similar repositories for rawccopy
Users that are interested in rawccopy are comparing it to the libraries listed below
Sorting:
- Runs programs as TrustedInstaller☆49Updated 6 years ago
- Sysmon shenanigans☆66Updated 4 years ago
- The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent …☆40Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆189Updated 3 years ago
- ☆70Updated 8 months ago
- ☆84Updated 3 years ago
- Run Processes as PPL with ELAM☆171Updated 3 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆69Updated 6 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆35Updated 3 years ago
- ☆83Updated last year
- A novel technique to communicate between threads using the standard ETHREAD structure☆114Updated 4 years ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆53Updated 4 years ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆50Updated 2 years ago
- Small visualizator for PE files☆70Updated 2 years ago
- Windows kernel PDB data parsed into YAML☆41Updated 10 months ago
- ☆71Updated 2 years ago
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH☆68Updated 4 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆98Updated 6 years ago
- A Bumblebee-inspired Crypter☆79Updated 2 years ago
- Listing UDP connections with remote address without sniffing.☆28Updated 2 years ago
- A ready-made template for a project based on libpeconv.☆49Updated 7 months ago
- MalUnpack companion driver☆99Updated last year
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆74Updated 4 years ago
- ☆26Updated 3 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆144Updated 5 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/☆121Updated 6 years ago
- ☆36Updated 3 years ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆64Updated 2 years ago
- Enabled / Disable LSA Protection via BYOVD☆80Updated 3 years ago
- Signature finder (from PE-bear)☆38Updated last month