ioncodes / ceload
BYOVD: Loading dbk64.sys and grabbing a handle to it
☆151 Updated 2 years ago
Alternatives and similar repositories for ceload:
Users that are interested in ceload are comparing it to the libraries listed below
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard ☆245 Updated 2 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code ☆202 Updated 3 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 ☆217 Updated 5 years ago
- Code Injection, Inject malicious payload via pagetables pml4. ☆237 Updated 3 years ago
- Browse Page Tables on Windows (Page Table Viewer) ☆198 Updated 3 years ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays). ☆136 Updated 8 months ago
- APC Internals Research Code ☆166 Updated 4 years ago
- Resolve DOS MZ executable symbols at runtime ☆95 Updated 3 years ago
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 ☆227 Updated 2 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard. ☆278 Updated 6 months ago
- IDA Pro plugin to make bitfield accesses easier to grep ☆236 Updated 2 months ago
- ☆143 Updated last year
- Advanced driver monitoring utility. ☆208 Updated 2 years ago
- Abusing exceptions for code execution. ☆110 Updated 2 years ago
- A library to develop kernel level Windows payloads for post HVCI era ☆403 Updated 3 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut… ☆120 Updated 2 years ago
- The Windbg extensions to study Hyper-V on Intel and AMD processors. ☆152 Updated last month
- Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks ☆354 Updated 6 months ago
- PoC capable of detecting manual syscalls from usermode. ☆194 Updated 5 months ago
- Debugger Anti-Detection Benchmark ☆332 Updated last year
- Binary Ninja plugin for exploring Structured Exception Handlers ☆81 Updated 11 months ago
- Bypassing PatchGuard on modern x64 systems ☆258 Updated 2 years ago
- Exploit MsIo vulnerable driver ☆100 Updated 3 years ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou… ☆199 Updated 6 months ago
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater). ☆88 Updated 3 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit… ☆213 Updated 2 years ago
- ☆87 Updated 11 months ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught. ☆130 Updated 3 years ago
- A PoC designed to bypass all usermode hooks in a WoW64 environment. ☆149 Updated 4 years ago
- ☆159 Updated 3 years ago