gabriellandau / ItsNotASecurityBoundary
☆160 · Updated 6 months ago
Alternatives and similar repositories for ItsNotASecurityBoundary:
Users who are interested in ItsNotASecurityBoundary are comparing it to the repositories listed below.
- Admin to Kernel code execution using the KSecDD driver ☆243 · Updated 9 months ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven ☆181 · Updated 3 months ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls ☆173 · Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆233 · Updated 6 months ago
- Exploitable drivers, you know what I mean ☆130 · Updated 10 months ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆265 · Updated last year
- Exploitation of process killer drivers ☆195 · Updated last year
- Windows LPE exploit for CVE-2022-37969 ☆131 · Updated last year
- Lenovo Diagnostics Driver EoP - Arbitrary R/W ☆170 · Updated 2 years ago
- PoCs for Kernelmode rootkit techniques research. ☆351 · Updated last week
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆203 · Updated 3 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆320 · Updated 5 months ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions ☆109 · Updated last year
- Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver ☆145 · Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆111 · Updated last year
- Process Injection using Thread Name ☆246 · Updated 5 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for Windows. ☆207 · Updated last year
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 ☆225 · Updated 2 years ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆266 · Updated 8 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3 ☆68 · Updated 3 weeks ago
- A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t… ☆92 · Updated last month
- The code is a pingback to the Dark Vortex blog: ☆169 · Updated 2 years ago
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls… ☆130 · Updated last year
- Implementation of Advanced Module Stomping and Heap/Stack Encryption ☆213 · Updated last year
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. ☆131 · Updated 8 months ago
- Activation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) ☆61 · Updated 4 months ago
- Windows x64 kernel mode rootkit process hollowing POC. ☆185 · Updated last year
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids) ☆141 · Updated 10 months ago
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 ☆290 · Updated last year