hid3rx / GhostWriting
☆22 Updated last year
Related projects
Alternatives and complementary repositories for GhostWriting
- Demo to show how to write ALPC Client & Server using native Ntdll.dll syscalls. ☆20 Updated 2 years ago
- IAT-Obfuscation to make static analysis of executable harder. ☆41 Updated 3 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1 ☆31 Updated 2 years ago
- ☆26 Updated last year
- A compact tool for detecting AV/EDR hooks in default Windows libraries. ☆29 Updated 2 years ago
- Set the process mitigation policy for loading only Microsoft Modules, and block any userland 3rd party modules ☆42 Updated last year
- Dynamically generated obfuscated jumps and/or function calls ☆33 Updated last year
- ☆37 Updated last year
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti… ☆38 Updated 3 years ago
- A kernel mode Windows rootkit in development. ☆49 Updated 2 years ago
- Load Dll into Kernel space ☆38 Updated 2 years ago
- Compile-Time Calls Obfuscator for C++14+ ☆34 Updated 11 months ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver ☆50 Updated last year
- Rootkit and anti-rootkit on Windows platform ☆10 Updated 6 months ago
- ☆27 Updated 4 months ago
- ksc4cpp is a shellcode framework for windows kernel based on C++ ☆21 Updated last year
- Next gen process injection technique ☆42 Updated 4 years ago
- ☆8 Updated 4 months ago
- kernel to user mode APC injector ☆43 Updated 2 years ago
- Bootkit driver mapping; ring-3 process injection that loads a specified module ☆11 Updated last month
- ☆25 Updated 3 years ago
- collection of code snippets, windbg, python scripts and resources ☆13 Updated 2 years ago
- ☆11 Updated 2 years ago
- An attempt at reversing WindowsDefender ☆20 Updated last month
- Call NtCreateUserProcess directly as normal. ☆66 Updated 2 years ago
- An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit ☆23 Updated 3 years ago