eversinc33 / unKoverLinks
PoC Anti-Rootkit/Anti-Cheat Driver.
☆196Updated last month
Alternatives and similar repositories for unKover
Users that are interested in unKover are comparing it to the libraries listed below
Sorting:
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated 2 years ago
- Reverse engineering winapi function loadlibrary.☆194Updated 2 years ago
- Hooking Windows' exception dispatcher to protect process's PML4☆174Updated 4 months ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆203Updated 7 months ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆117Updated 2 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆121Updated 2 years ago
- manual map unsigned driver over signed memory☆187Updated last year
- Inline syscalls made for MSVC supporting x64 and WOW64☆181Updated last year
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆232Updated 10 months ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆216Updated last year
- Admin to Kernel code execution using the KSecDD driver☆250Updated last year
- ☆289Updated 3 weeks ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆134Updated 2 years ago
- Bypassing PatchGuard on modern x64 systems☆260Updated 2 years ago
- Windows x64 kernel mode rootkit process hollowing POC.☆191Updated last year
- Using Windows' own bootloader as a shim to bypass Secure Boot☆170Updated 10 months ago
- Lenovo Diagnostics Driver EoP - Arbitrary R/W☆172Updated 2 years ago
- Various Process Injection Techniques☆148Updated 2 years ago
- Process Injection using Thread Name☆272Updated last month
- Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…☆168Updated 2 years ago
- DSE & PG bypass via BYOVD attack☆51Updated last year
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆111Updated 3 years ago
- spoof return address☆75Updated 2 years ago
- State of the art DLL injector that took 20 minutes to make☆216Updated last year
- An x86-64 code virtualizer for VM based obfuscation☆120Updated 5 months ago
- Load your driver like win32k.sys☆253Updated 2 years ago
- Scan for potentially vulnerable drivers☆87Updated 3 years ago
- C++ macro for x64 programs that breaks ida hex-rays decompiler tool.☆116Updated last year
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆216Updated last week
- Detects virtual machines and malware analysis environments☆128Updated 2 years ago