hfiref0x / WDExtract

Related projects: ⓘ

• hugsy / CFB
  Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.
  ☆308Updated 5 months ago
• 0xAlexei / WindowsDefenderTools
  Tools for instrumenting Windows Defender's mpengine.dll
  ☆271Updated 5 years ago
• CylanceVulnResearch / ReflectiveDLLRefresher
  Universal Unhooking
  ☆312Updated 6 years ago
• hasherezade / module_overloading
  A more stealthy variant of "DLL hollowing"
  ☆335Updated 6 months ago
• antonioCoco / Mapping-Injection
  Just another Windows Process Injection
  ☆387Updated 4 years ago
• LloydLabs / Windows-API-Hashing
  This is a simple example and explanation of obfuscating API resolution via hashing
  ☆224Updated 4 years ago
• commial / experiments
  Expriments
  ☆438Updated 4 months ago
• tyranid / WindowsRpcClients
  This respository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System f…
  ☆269Updated 4 years ago
• hasherezade / process_doppelganging
  My implementation of enSilo's Process Doppelganging (PE injection technique)
  ☆577Updated 2 years ago
• OALabs / BlobRunner
  Quickly debug shellcode extracted during malware analysis
  ☆547Updated last year
• br-sn / CheekyBlinder
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆537Updated last year
• LloydLabs / delete-self-poc
  A way to delete a locked file, or current running executable, on disk.
  ☆488Updated last month
• Cr4sh / KernelForge
  A library to develop kernel level Windows payloads for post HVCI era
  ☆355Updated 3 years ago
• am0nsec / wspe
  Windows System Programming Experiments
  ☆214Updated 2 years ago
• Fare9 / Windows-Internals
  My repository to upload drivers from different books and all the information related to windows internals.
  ☆153Updated 5 years ago
• hasherezade / masm_shc
  A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
  ☆157Updated 2 months ago
• koutto / ioctlbf
  Windows Kernel Drivers fuzzer
  ☆289Updated 7 years ago
• sam-b / windows_kernel_address_leaks
  Examples of leaking Kernel Mode information from User Mode on Windows
  ☆574Updated 7 years ago
• jdu2600 / Windows10EtwEvents
  Events from all manifest-based and mof-based ETW providers across Windows 10 versions
  ☆261Updated 4 months ago
• CheckPointSW / showstopper
  ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…
  ☆195Updated 2 years ago
• hasherezade / process_ghosting
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆627Updated 6 months ago
• tandasat / ExploitCapcom
  This is a standalone exploit for a vulnerable feature in Capcom.sys
  ☆280Updated 2 years ago
• D4stiny / PeaceMaker
  PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.
  ☆411Updated 4 years ago
• hasherezade / process_overwriting
  Yet another variant of Process Hollowing
  ☆349Updated 6 months ago
• 0xcpu / ExecutiveCallbackObjects
  Research on Windows Kernel Executive Callback Objects
  ☆277Updated 4 years ago
• dismantl / ImprovedReflectiveDLLInjection
  An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security
  ☆315Updated 7 years ago
• NtRaiseHardError / Antimalware-Research
  Research on Anti-malware and other related security solutions
  ☆243Updated 4 years ago
• eclypsium / Screwed-Drivers
  "Screwed Drivers" centralized information source for code references, links, etc.
  ☆334Updated 4 years ago
• LordNoteworthy / windows-internals
  My notes while studying Windows internals
  ☆387Updated this week
• connormcgarr / Kernel-Exploits
  Kernel Exploits
  ☆240Updated 3 years ago