hfiref0x / Vault
Various code from the past (for historical purposes)
☆12Updated last year
Alternatives and similar repositories for Vault:
Users that are interested in Vault are comparing it to the libraries listed below
- Class implementation of PowerLoader injection technique☆29Updated 8 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.☆19Updated 9 years ago
- User-mode program parsing logs created by HyperPlatform☆18Updated 8 years ago
- just an lite AntiRootkit for interesting☆23Updated 9 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆76Updated 9 years ago
- ☆27Updated 9 years ago
- drvtriks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system.☆31Updated 7 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆75Updated 14 years ago
- Simple tool for unpacking packed/protected malware executables.☆32Updated 13 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 7 years ago
- Wow64 syscall hook☆40Updated 7 years ago
- Bypass for the hardening against usage of tagWnd as a kernel read/write primitive☆29Updated 7 years ago
- Static library and headers for linking your software with ntdll.dll☆32Updated 5 years ago
- Windows shellcode example☆9Updated 11 years ago
- win32/x64 obfuscate framework☆32Updated 5 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 9 years ago
- Analyze PatchGuard☆55Updated 6 years ago
- Simple code generation library developed in C intended for code generation in Kernel mode☆16Updated 2 years ago
- Anti-Debugging detection and obufuscation techniques that involved the use of Win32 API functions.☆34Updated 8 years ago
- Kernel-mode file scanner☆18Updated 6 years ago
- Helper utility for debugging windows PE/PE+ loader.☆51Updated 9 years ago
- Decrement Windows Kernel for fun and profit☆37Updated 7 years ago
- Bootkits Revisited☆41Updated 10 years ago
- Bypass HackShield several specific SSDT hook in Ring0☆23Updated 10 years ago
- Full reversing of the Microsoft Auxiliary Windows API Library and ported to C☆23Updated 2 months ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22Updated 7 years ago
- Windows anti-rootkit library☆38Updated 9 years ago
- Reverse engineering AddVectoredExceptionHandler☆3Updated 2 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆52Updated last year
- Analyze and attack windows applications using dll hijacking vulnerabilities☆56Updated 5 years ago