hasherezade / pe_unmapper
Small tool to convert beteween the PE alignments (raw and virtual).
☆74Updated last year
Related projects: ⓘ
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆101Updated 3 weeks ago
- Lenovo Diagnostics Driver EoP - Arbitrary R/W☆168Updated last year
- PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory.☆138Updated this week
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆98Updated last year
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆114Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆105Updated 2 months ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆98Updated 2 years ago
- IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformati…☆101Updated 2 weeks ago
- Various Process Injection Techniques☆141Updated 2 years ago
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).☆81Updated 2 years ago
- Writeups for CTF challenges☆28Updated 10 months ago
- Detours implementation (x64/x86) which used only ntdll import☆85Updated 3 months ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆100Updated last year
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆214Updated 2 months ago
- Run Processes as PPL with ELAM☆139Updated 2 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆49Updated last year
- UnpacMe IDA Byte Search☆25Updated 10 months ago
- a small curation of created/stolen scripts for reverse engineering☆12Updated 4 months ago
- A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.☆81Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆93Updated last year
- Helpful WinDBG command for kernel debugging☆19Updated 3 years ago
- Admin to Kernel code execution using the KSecDD driver☆232Updated 5 months ago
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.☆147Updated 2 years ago
- C# implementation to produce ROR-13 numeric hash for given function API name☆31Updated 5 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆91Updated last year
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆229Updated 2 years ago
- IDA Pro plugin for recognizing known hashes of API function names☆82Updated 2 years ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆151Updated 2 months ago
- PoC capable of detecting manual syscalls from usermode.☆176Updated 3 years ago
- spoof return address☆68Updated last year