gabriellandau / ItsNotASecurityBoundary
☆169 (updated 10 months ago)
Alternatives and similar repositories for ItsNotASecurityBoundary
Users that are interested in ItsNotASecurityBoundary are comparing it to the libraries listed below
- Admin to Kernel code execution using the KSecDD driver ☆250 (updated last year)
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆222 (updated 7 months ago)
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn… ☆159 (updated 3 weeks ago)
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆216 (updated last week)
- Windows LPE exploit for CVE-2022-37969 ☆134 (updated last year)
- Activation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) ☆71 (updated 8 months ago)
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆257 (updated 10 months ago)
- Windows KASLR bypass using prefetch side-channel ☆100 (updated last year)
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆137 (updated 2 years ago)
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls ☆192 (updated last year)
- POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY ☆193 (updated last month)
- Reverse engineering winapi function loadlibrary. ☆197 (updated 2 years ago)
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆289 (updated last year)
- Windows rootkit designed to work with BYOVD exploits ☆198 (updated 4 months ago)
- An example reference design for a proposed BOF PE ☆168 (updated last month)
- Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver ☆149 (updated last year)
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆338 (updated 9 months ago)
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆285 (updated last year)
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven ☆226 (updated 7 months ago)
- ☆190 (updated last year)
- Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation ☆127 (updated last year)
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions ☆118 (updated 2 years ago)
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor ☆93 (updated last year)
- Lenovo Diagnostics Driver EoP - Arbitrary R/W ☆172 (updated 2 years ago)
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 ☆227 (updated 2 years ago)
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. ☆156 (updated 2 months ago)
- Exploitation of process killer drivers ☆201 (updated last year)
- A PoC implementation for dynamically masking call stacks with timers. ☆276 (updated 2 years ago)
- Process Injection using Thread Name ☆272 (updated last month)
- CVE-2024-30090 - LPE PoC ☆107 (updated 7 months ago)