A VMBR (Virtual-Machine Based Rootkit) which runs a guest OS and sends the attacker its data
☆28Apr 27, 2024Updated last year
Alternatives and similar repositories for VMBR
Users that are interested in VMBR are comparing it to the libraries listed below
Sorting:
- ☆33Dec 22, 2020Updated 5 years ago
- a dkom rootkit that targets windows x64 systems. the rootkit hooks and edits criticl memory sections in order to hide different resources…☆18Jul 5, 2023Updated 2 years ago
- Code Integrity Violation Spotter☆17Jun 11, 2024Updated last year
- An example code of CiGetCertPublisherName☆17Mar 24, 2022Updated 3 years ago
- Static Library For Windows Drivers☆41Dec 13, 2025Updated 2 months ago
- Interprocess communication library, providing the ability to call functions from each other☆20Oct 3, 2019Updated 6 years ago
- ☆17Oct 31, 2022Updated 3 years ago
- 横向移动三剑客 ( Lateral movement tools)☆30Nov 16, 2021Updated 4 years ago
- Enum and Remove Hook in Windows☆51Dec 11, 2025Updated 2 months ago
- 参考taviso的代码逆向一下mpengine.dll☆20Jun 30, 2022Updated 3 years ago
- ☆34Aug 14, 2023Updated 2 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 3 years ago
- windows rootkit☆60May 2, 2024Updated last year
- A simple way to spoof return addresses using an exception handler☆43Aug 3, 2022Updated 3 years ago
- Application Verifier Dynamic Fault Injection☆40Jan 12, 2026Updated last month
- PsSetCreateProcessNotifyRoutine/Ex/Ex2 hook☆12May 30, 2024Updated last year
- A 64 bit OS☆10Nov 12, 2025Updated 3 months ago
- Rootkit & Anti-rootkit☆42Jan 27, 2024Updated 2 years ago
- simple driver to read and write☆19Apr 13, 2025Updated 10 months ago
- Windows Console Monitor☆34Jun 11, 2019Updated 6 years ago
- 跨平台模拟执行unicorn框架基于Qemu的TCG模式(Tiny Code Generator),以无硬件虚拟化支持方式实现全系统的虚拟化,支持跨平台和架构的CPU指令模拟,本文讨论是一款笔者的实验性项目采用Windows Hypervisor Platform虚拟机模式…☆79Dec 17, 2023Updated 2 years ago
- Linux内核学习——心中的内核☆18Jun 24, 2025Updated 8 months ago
- ☆15Mar 28, 2015Updated 10 years ago
- Simple command line tool to enumerate loaded WFP callout drivers☆10Feb 2, 2024Updated 2 years ago
- Windows kernel-mode driver Allocator for Rust☆11Oct 8, 2018Updated 7 years ago
- Microsoft decompiled IrDA drivers☆16Apr 15, 2015Updated 10 years ago
- Learn Winapi in this Repo with examples, to understand its abstraction in reverse engineering for Windows.☆11Aug 8, 2022Updated 3 years ago
- NASM listing to shellcode converter☆14May 6, 2018Updated 7 years ago
- Hyper-V sockets☆29Sep 11, 2017Updated 8 years ago
- Security introduction book☆23Jan 10, 2016Updated 10 years ago
- clearing traces of a loaded driver☆47Jul 2, 2022Updated 3 years ago
- Simple demo of accessing System Management BIOS in UEFI environment.☆14Oct 13, 2020Updated 5 years ago
- Ready-to-use headers for Windows Kernel SSDT indices☆11Apr 12, 2020Updated 5 years ago
- Repository of different kernel drivers written while studying Windows NT Driver development☆12Apr 14, 2024Updated last year
- R3劫持所有异常☆15Jan 4, 2021Updated 5 years ago
- Use ci.dll API for validating Authenticode signature of files☆167Mar 28, 2022Updated 3 years ago
- just proof of concept. hooking MmCopyMemory PG safe.☆82Nov 13, 2023Updated 2 years ago
- Example of real-time Windows ETW packet capture session☆54Jul 12, 2017Updated 8 years ago