elastic/PPLGuard

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/elastic/PPLGuard)

elastic / PPLGuard

☆71

Alternatives and similar repositories for PPLGuard

Users that are interested in PPLGuard are comparing it to the libraries listed below

Sorting:

Cerbersec / KillDefenderBOF
View on GitHub
Beacon Object File PoC implementation of KillDefender
☆235Apr 12, 2022Updated 3 years ago
gabriellandau / CISpotter
View on GitHub
Code Integrity Violation Spotter
☆17Jun 11, 2024Updated last year
namazso / msvcrt.lib
View on GitHub
.lib file for linking against the NT CRT
☆19Mar 18, 2022Updated 4 years ago
worawit / malk
View on GitHub
Demonstrate calling a kernel function and handle process creation callback against HVCI
☆83Dec 21, 2022Updated 3 years ago
therealdreg / cgaty
View on GitHub
Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)
☆73Aug 11, 2023Updated 2 years ago
bananabr / Givemeahand
View on GitHub
A PoC tool for exploiting leaked process and thread handles
☆32Feb 13, 2024Updated 2 years ago
mattifestation / AntimalwareBlight
View on GitHub
Execute PowerShell code at the antimalware-light protection level.
☆142Dec 13, 2022Updated 3 years ago
Wra7h / ARCInject
View on GitHub
Overwrite a process's recovery callback and execute with WER
☆101Apr 17, 2022Updated 3 years ago
Slowerzs / CryptDecryptMemory
View on GitHub
☆31Dec 5, 2024Updated last year
mdsecactivebreach / com_inject
View on GitHub
☆209Apr 5, 2022Updated 3 years ago
xenoscr / manual-syscall-detect
View on GitHub
A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
☆116Feb 1, 2022Updated 4 years ago
janoglezcampos / DeathSleep
View on GitHub
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
☆535Aug 1, 2022Updated 3 years ago
ethereal-vx / Antivirus-Artifacts
View on GitHub
Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
☆756Nov 16, 2021Updated 4 years ago
yardenshafir / cet-research
View on GitHub
A collection of tools, source code, and papers researching Windows' implementation of CET.
☆90Oct 6, 2020Updated 5 years ago
hasherezade / module_overloading
View on GitHub
A more stealthy variant of "DLL hollowing"
☆363Mar 8, 2024Updated 2 years ago
nccgroup / DetectWindowsCopyOnWriteForAPI
View on GitHub
Enumerate various traits from Windows processes as an aid to threat hunting
☆202Jan 13, 2022Updated 4 years ago
pwn1sher / KillDefender
View on GitHub
A small POC to make defender useless by removing its token privileges and lowering the token integrity
☆689Jun 28, 2022Updated 3 years ago
LloydLabs / dearg-thread-ipc-stealth
View on GitHub
A novel technique to communicate between threads using the standard ETHREAD structure
☆116Feb 27, 2021Updated 5 years ago
ntoskrnl7 / ldk
View on GitHub
Load Dll into Kernel space
☆40Aug 23, 2022Updated 3 years ago
aaaddress1 / wowGrail
View on GitHub
PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
☆109May 27, 2021Updated 4 years ago
aaaddress1 / knownDlls_Poison
View on GitHub
☆26Dec 29, 2021Updated 4 years ago
xuanxuan0 / TiEtwAgent
View on GitHub
PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
☆301Apr 10, 2021Updated 4 years ago
MartinIngesen / TokenStomp
View on GitHub
C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
☆144Feb 23, 2022Updated 4 years ago
thefLink / RecycledGate
View on GitHub
Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
☆500Feb 3, 2022Updated 4 years ago
rmccrystal / winkernel-rs
View on GitHub
Utility functions for building Windows kernel drivers in Rust
☆21Nov 16, 2021Updated 4 years ago
TimMisiak / windup
View on GitHub
WinDbg installer/updater
☆45Jul 11, 2023Updated 2 years ago
klezVirus / obfuscator
View on GitHub
ollvm, based on llvm-clang 5.0.2, 6.0.1, 7.0.1, 8.0, 9.0, 9.0.1
☆19Apr 4, 2022Updated 3 years ago
KiFilterFiberContext / warbird-hook
View on GitHub
Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
☆271Aug 31, 2022Updated 3 years ago
BreakingMalwareResearch / CFGExceptions
View on GitHub
Adding exceptions to Microsoft's Control Flow Guard (CFG)
☆57Jun 21, 2016Updated 9 years ago
Crypt0s / Ekko_CFG_Bypass
View on GitHub
A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
☆115Aug 29, 2022Updated 3 years ago
itm4n / PPLdump
View on GitHub
Dump the memory of a PPL with a userland exploit
☆887Jul 24, 2022Updated 3 years ago
namazso / PawnPP
View on GitHub
A Pawn p-code interpreter written in C++
☆27Oct 13, 2022Updated 3 years ago
mgeeky / UnhookMe
View on GitHub
UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …
☆350Jul 3, 2022Updated 3 years ago
Cracked5pider / KaynLdr
View on GitHub
KaynLdr is a Reflective Loader written in C/ASM
☆553Dec 3, 2023Updated 2 years ago
depletionmode / VirtualAllocSecure
View on GitHub
☆18Feb 6, 2019Updated 7 years ago
bharadwajyas / ppdump-public
View on GitHub
Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…
☆25Mar 26, 2020Updated 5 years ago
BeneficialCode / WmipCodeSamples
View on GitHub
What makes it page
☆17Aug 24, 2022Updated 3 years ago
frkngksl / ParallelNimcalls
View on GitHub
Nim version of MDSec's Parallel Syscall PoC
☆124Jan 14, 2022Updated 4 years ago
fortra / CreateProcess
View on GitHub
A small PoC that creates processes in Windows
☆187Jun 6, 2024Updated last year