ionescu007 / HookingNirvanaLinks
Recon 2015 Presentation from Alex Ionescu
☆246Updated 9 years ago
Alternatives and similar repositories for HookingNirvana
Users that are interested in HookingNirvana are comparing it to the libraries listed below
Sorting:
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…☆226Updated 2 years ago
- This is a collection of interesting codes about Windows Process creation.☆239Updated last year
- Windows Drivers☆99Updated 6 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆233Updated 5 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆143Updated 6 years ago
- ☆121Updated 5 years ago
- Tools for instrumenting Windows Defender's mpengine.dll☆304Updated 6 years ago
- ☆403Updated 8 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆229Updated 5 years ago
- Research on Windows Kernel Executive Callback Objects☆309Updated 5 years ago
- The history of Windows Internals via symbols.☆180Updated 3 years ago
- Driver Initial Reconnaissance Tool☆123Updated 5 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆179Updated 7 years ago
- Simple 32/64-bit PEs loader.☆138Updated 6 years ago
- Set of antianalysis techniques found in malware☆131Updated 2 years ago
- This is a simple example and explanation of obfuscating API resolution via hashing☆237Updated 5 years ago
- Process Doppelgänging☆161Updated 7 years ago
- ☆131Updated last year
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆332Updated last year
- Elevation of privilege detector based on HyperPlatform☆122Updated 8 years ago
- Persistent IAT hooking application - based on bearparser☆259Updated 3 years ago
- Source from VMDE paper, adapted to 2015☆187Updated 7 years ago
- Multi-purpose proof-of-concept tool based on CPU-Z CVE-2017-15303☆110Updated 7 years ago
- TDL4 style rootkit to spoof read/write requests to master boot record☆131Updated 7 years ago
- Hyper-V Research is trendy now☆186Updated last year
- Inject code into a legitimate process☆145Updated 10 years ago
- APC Internals Research Code☆168Updated 5 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆147Updated 5 years ago
- Process Hollowing for 32 bit and 64 bit☆79Updated 7 years ago
- Demos of various (also non standard) persistence methods used by malware☆223Updated 2 years ago