holi4m / gdrv-loader-v2
☆20Updated 2 years ago
Alternatives and similar repositories for gdrv-loader-v2:
Users that are interested in gdrv-loader-v2 are comparing it to the libraries listed below
- kernel to user mode APC injector☆44Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆84Updated 2 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆110Updated 3 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆73Updated 3 years ago
- spoof return address☆73Updated last year
- Windows API Call Obfuscation☆102Updated 2 years ago
- ☆29Updated 7 months ago
- Finding Truth in the Shadows☆89Updated 2 years ago
- silence file system monitoring components by hooking their minifilters☆56Updated last year
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated last year
- Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html☆122Updated 3 years ago
- Detours implementation (x64/x86) which used only ntdll import☆90Updated 10 months ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆43Updated 7 years ago
- A simple direct syscall wrapper written in C++ with compatibility for x86 and x64 programs.☆46Updated 2 months ago
- Dynamically generated obfuscated jumps and/or function calls☆35Updated 2 years ago
- CVE-2022-3699 with arbitrary kernel code execution capability☆70Updated 2 years ago
- Next gen process injection technique☆52Updated 4 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆86Updated 3 weeks ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆115Updated last year
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- ☆108Updated 2 years ago
- DSE & PG bypass via BYOVD attack☆50Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆127Updated last year
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆118Updated last year
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆57Updated 2 years ago
- Load static-compiled PE from remote server.☆60Updated 3 years ago
- using wnbios64.sys for arbitrary r/w☆13Updated 11 months ago
- Hook NtDeviceIoControlFile with PatchGuard☆105Updated 2 years ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆48Updated 2 years ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆71Updated this week