gabriellandau / CISpotter
Code Integrity Violation Spotter
☆17 | Jun 11, 2024 | Updated last year
Alternatives and similar repositories for CISpotter
Users that are interested in CISpotter are comparing it to the libraries listed below
- ☆44 | Oct 7, 2018 | Updated 7 years ago
- ☆16 | Oct 31, 2022 | Updated 3 years ago
- Demo to show how to write ALPC Client & Server using native Ntdll.dll syscalls. ☆21 | Jan 25, 2022 | Updated 4 years ago
- Hijack all exceptions in Ring 3 ☆15 | Jan 4, 2021 | Updated 5 years ago
- Hijack NotifyRoutine for a kernelmode thread ☆41 | Jun 4, 2022 | Updated 3 years ago
- kernel-mode TDI client which can send and receive HTTP requests ☆56 | Jun 9, 2018 | Updated 7 years ago
- Walks the Process' VAD list to grab the PTEs corresponding to a usermode virtual address, all to get the physical address ☆23 | Nov 22, 2021 | Updated 4 years ago
- Basic utilities for executing, reading and writing 64-bit data in a 32-bit WoW64 process ☆19 | Jul 8, 2022 | Updated 3 years ago
- Hooking Heavens Gate in a weekend ☆13 | Jan 1, 2022 | Updated 4 years ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering ☆15 | Jan 9, 2022 | Updated 4 years ago
- ☆13 | Aug 24, 2022 | Updated 3 years ago
- PoC of BOOST-ed _EPROCESS.VadRoot iterating ☆27 | May 21, 2014 | Updated 11 years ago
- ☆35 | Oct 18, 2022 | Updated 3 years ago
- Example of making debugger using Hardware Breakpoint + VEH ☆18 | May 13, 2021 | Updated 4 years ago
- first commit ☆64 | Oct 29, 2020 | Updated 5 years ago
- Documenting system information classes and their uses ☆56 | Oct 18, 2021 | Updated 4 years ago
- ☆33 | Dec 22, 2020 | Updated 5 years ago
- Some crazy PE executables protection kernel driver ☆20 | May 2, 2020 | Updated 5 years ago
- Driver Loader/BE Bypass/Win Malware(lol) ☆36 | Jun 25, 2019 | Updated 6 years ago
- ☆133 | Oct 14, 2022 | Updated 3 years ago
- ☆34 | Aug 14, 2023 | Updated 2 years ago
- Windows system repair tool ☆18 | Jun 2, 2021 | Updated 4 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET. ☆88 | Oct 6, 2020 | Updated 5 years ago
- A research project about Windows notify routines. ☆38 | Jul 31, 2020 | Updated 5 years ago
- Call 32bit NtDLL API directly from WoW64 Layer ☆62 | Nov 18, 2020 | Updated 5 years ago
- SV-Assistant ☆21 | Jan 31, 2024 | Updated 2 years ago
- ☆18 | Dec 5, 2016 | Updated 9 years ago
- VEH Redirect & VEH Debugger ☆23 | May 18, 2020 | Updated 5 years ago
- How Meltdown and Spectre haunt Anti-Cheat: DVRT details ☆22 | Aug 21, 2024 | Updated last year
- A PoC that abuses Enclave ☆40 | Sep 8, 2022 | Updated 3 years ago
- NT AUTHORITY\SYSTEM ☆43 | Jul 8, 2020 | Updated 5 years ago
- Experiment to use sections as User/Kernelmode comm vector ☆22 | Apr 7, 2023 | Updated 2 years ago
- PsSetCreateProcessNotifyRoutine/Ex/Ex2 hook ☆12 | May 30, 2024 | Updated last year
- Windows internals and exploitation tricks ☆112 | Nov 9, 2025 | Updated 3 months ago
- Simple Demo of using Windows Hypervisor Platform ☆29 | Jul 14, 2025 | Updated 7 months ago
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable … ☆23 | Sep 18, 2017 | Updated 8 years ago
- Global DLL injector ☆71 | May 16, 2021 | Updated 4 years ago
- A VMBR (Virtual-Machine Based Rootkit) which runs a guest OS and sends the attacker its data ☆28 | Apr 27, 2024 | Updated last year
- ☆11 | Jan 8, 2022 | Updated 4 years ago