gmh5225 / Driver-SoulExtraction
SoulExtraction is a windows driver library for extracting cert information in windows drivers
☆21Updated last year
Related projects ⓘ
Alternatives and complementary repositories for Driver-SoulExtraction
- Injects position-dependent code into a code cave in an executable file, and applies relocations.☆19Updated last year
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1☆31Updated 2 years ago
- A simple direct syscall wrapper written in C++ with compatibility for x86 and x64 programs.☆41Updated last year
- Neutralize KEPServerEX anti-debugging techniques☆31Updated last year
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆48Updated last year
- ☆22Updated last year
- Anti-Analysis technique, trick the debugger by Hiding events from it.☆18Updated 3 years ago
- XOrCryptEx lightweight C Utility/Algorithm☆11Updated 2 years ago
- An example of how to use Microsoft Windows Warbird technology☆25Updated last year
- automates exploits using ROP chains, using ntdll-scraper☆16Updated 2 years ago
- ☆27Updated 2 years ago
- IAT-Obfuscation to make static analysis of executable harder.☆41Updated 3 years ago
- Code Integrity Violation Spotter☆17Updated 4 months ago
- WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API☆19Updated 2 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- A compact tool for detecting AV/EDR hooks in default Windows libraries.☆29Updated 2 years ago
- research revolving the windows filtering platform callout mechanism☆20Updated 5 months ago
- manual mapping injector☆26Updated 2 years ago
- ☆29Updated 2 years ago
- collection of code snippets,windbg,python scripts and resources☆13Updated 2 years ago
- Fake Timestamps of Driver Certificates while keeping validity.☆16Updated 3 years ago
- A native Windows library for intercepting kernel-to-user transitions using instrumentation callbacks☆15Updated 9 months ago
- silence file system monitoring components by hooking their minifilters☆51Updated 9 months ago
- R3劫持所有异常☆13Updated 3 years ago
- UEFI bootkit: Hardware Implant. In-Progress☆11Updated 2 years ago
- allowing um r/w through km from um ioctl ™☆12Updated 2 years ago
- A kernel mode Windows rootkit in development.☆49Updated 2 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆20Updated 2 years ago
- EDR PoC WIP LLC☆10Updated 9 months ago
- Load Dll into Kernel space☆38Updated 2 years ago