ikermit / 11Syscalls
Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained.
☆19Updated 2 years ago
Related projects: ⓘ
- ☆27Updated last year
- A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.☆81Updated last year
- Detours implementation (x64/x86) which used only ntdll import☆85Updated 3 months ago
- ☆65Updated last year
- An x64dbg plugin which helps make sense of long C++ symbols☆58Updated last year
- This x64dbg plugin allows you to upload your sample to Malcore and view the results.☆31Updated last year
- Native Powers Talk demos☆15Updated 10 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆91Updated last year
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot☆56Updated last year
- Finding Truth in the Shadows☆81Updated last year
- Listing UDP connections with remote address without sniffing.☆30Updated 11 months ago
- A kernel vulnerability used to achieve arbitrary read-write on Windows prior to July 2022☆103Updated last year
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like☆31Updated 2 years ago
- Easy encrypt/decrypt data with TPM☆24Updated 6 months ago
- Example of building an application verifer DLL☆44Updated 3 months ago
- Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE☆63Updated last year
- silence file system monitoring components by hooking their minifilters☆49Updated 7 months ago
- A Bumblebee-inspired Crypter☆79Updated last year
- Enabled / Disable LSA Protection via BYOVD☆61Updated 2 years ago
- using the gpu to hide your payload☆47Updated 2 years ago
- Signature finder (from PE-bear)☆29Updated 3 months ago
- Demo from the Malware Analysis and Development Webinar☆19Updated 5 months ago
- Sample project that encrypts windows 32-bit executables with password☆52Updated 2 years ago
- uefi diskless persistence technique + OVMF secureboot bypass☆50Updated 4 months ago
- Tool to find code cave in PE image (x86 / x64) - Find empty space to place code in PE files☆57Updated last year
- Add an empty section to a PE file☆49Updated 7 years ago
- A journal for $6,000 Riot Vanguard bounty.☆57Updated 11 months ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆46Updated 2 weeks ago
- A small tool I made to dump the export table of PE files. The primary use case was intended for use within DLL proxying.☆66Updated 2 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆69Updated last year