ionescu007 / HookingNirvanaView external linksLinks
Recon 2015 Presentation from Alex Ionescu
☆250Jan 27, 2016Updated 10 years ago
Alternatives and similar repositories for HookingNirvana
Users that are interested in HookingNirvana are comparing it to the libraries listed below
Sorting:
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆183Nov 30, 2017Updated 8 years ago
- Remote execution tool☆14Jan 14, 2014Updated 12 years ago
- APC Internals Research Code☆167Jun 28, 2020Updated 5 years ago
- Detecting execution of kernel memory where is not backed by any image file☆262Jul 11, 2018Updated 7 years ago
- PatchGuard Research☆304Oct 6, 2018Updated 7 years ago
- ☆34Sep 22, 2017Updated 8 years ago
- Local Kernel Debugger (LKD) is a python wrapper around dbgengine.dll☆92Aug 22, 2016Updated 9 years ago
- Elevation of privilege detector based on HyperPlatform☆124Mar 5, 2017Updated 8 years ago
- Incident Response & Digital Forensics Debugging Extension☆386Dec 11, 2018Updated 7 years ago
- PoC of BOOST-ed _EPROCESS.VadRoot iterating☆27May 21, 2014Updated 11 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆239Nov 6, 2019Updated 6 years ago
- Anti-AV compilation☆44Oct 4, 2013Updated 12 years ago
- The ultimate hooking library☆276Mar 19, 2021Updated 4 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆298Apr 10, 2021Updated 4 years ago
- A memory scanning evasion technique☆897May 24, 2017Updated 8 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated last year
- Examples of leaking Kernel Mode information from User Mode on Windows☆629Jul 7, 2017Updated 8 years ago
- Monitoring and controlling kernel API calls with stealth hook using EPT☆1,352Jan 22, 2022Updated 4 years ago
- Tool to view and create Microsoft shim database files (SDB).☆118May 11, 2017Updated 8 years ago
- Hypervisor based tool for monitoring system register accesses.☆153Sep 13, 2018Updated 7 years ago
- proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC☆1,269May 1, 2024Updated last year
- WinDBG Anti-RootKit Extension☆645Jul 29, 2020Updated 5 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- a Japanese food keeps you sane☆119Aug 22, 2015Updated 10 years ago
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.☆750Dec 15, 2025Updated 2 months ago
- ☆68Dec 17, 2020Updated 5 years ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆130May 17, 2023Updated 2 years ago
- Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.☆1,000Jan 17, 2023Updated 3 years ago
- I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 2016☆171Dec 7, 2016Updated 9 years ago
- Research on Windows Kernel Executive Callback Objects☆315Feb 22, 2020Updated 5 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆901Nov 21, 2019Updated 6 years ago
- Windows Object Explorer 64-bit☆1,883Updated this week
- Hyper-V Research is trendy now☆197May 6, 2024Updated last year
- Minimalistic VT-x hypervisor with hooks☆929Oct 18, 2019Updated 6 years ago
- An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security☆341Jul 30, 2017Updated 8 years ago
- Sysmon-Like research tool for ETW☆384Nov 15, 2022Updated 3 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers☆890Jun 18, 2025Updated 7 months ago