Recon 2015 Presentation from Alex Ionescu
☆250Jan 27, 2016Updated 10 years ago
Alternatives and similar repositories for HookingNirvana
Users that are interested in HookingNirvana are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆182Nov 30, 2017Updated 8 years ago
- Remote execution tool☆14Jan 14, 2014Updated 12 years ago
- Anti-AV compilation☆44Oct 4, 2013Updated 12 years ago
- APC Internals Research Code☆169Jun 28, 2020Updated 5 years ago
- Detecting execution of kernel memory where is not backed by any image file☆262Jul 11, 2018Updated 7 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Elevation of privilege detector based on HyperPlatform☆124Mar 5, 2017Updated 9 years ago
- PatchGuard Research☆305Oct 6, 2018Updated 7 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆635Jul 7, 2017Updated 8 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆241Nov 6, 2019Updated 6 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆300Apr 10, 2021Updated 4 years ago
- ☆34Sep 22, 2017Updated 8 years ago
- Lists work items being queued currently.☆15Jun 7, 2015Updated 10 years ago
- PoC of BOOST-ed _EPROCESS.VadRoot iterating☆27May 21, 2014Updated 11 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Incident Response & Digital Forensics Debugging Extension☆393Dec 11, 2018Updated 7 years ago
- Tool to view and create Microsoft shim database files (SDB).☆119May 11, 2017Updated 8 years ago
- The ultimate hooking library☆276Mar 19, 2021Updated 5 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆563Apr 8, 2025Updated 11 months ago
- A memory scanning evasion technique☆899May 24, 2017Updated 8 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆208May 27, 2021Updated 4 years ago
- A more stealthy variant of "DLL hollowing"☆364Mar 8, 2024Updated 2 years ago
- WinDBG Anti-RootKit Extension☆645Jul 29, 2020Updated 5 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆201Jan 13, 2022Updated 4 years ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- Implementation of a dispatcher for Structured Exceptions inside a Vectored Exception Handler☆42Feb 15, 2020Updated 6 years ago
- Monitoring and controlling kernel API calls with stealth hook using EPT☆1,363Jan 22, 2022Updated 4 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆903Nov 21, 2019Updated 6 years ago
- a Japanese food keeps you sane☆120Aug 22, 2015Updated 10 years ago
- Hypervisor based tool for monitoring system register accesses.☆155Sep 13, 2018Updated 7 years ago
- Local Kernel Debugger (LKD) is a python wrapper around dbgengine.dll☆92Aug 22, 2016Updated 9 years ago
- Hyper-V Research is trendy now☆199May 6, 2024Updated last year
- Research on Windows Kernel Executive Callback Objects☆316Feb 22, 2020Updated 6 years ago
- Translates WinDbg "dt" structure dump to a C structure☆133Oct 16, 2016Updated 9 years ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers☆893Jun 18, 2025Updated 9 months ago
- ☆69Dec 17, 2020Updated 5 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆134May 17, 2023Updated 2 years ago
- Sysmon-Like research tool for ETW☆387Nov 15, 2022Updated 3 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆236Apr 2, 2022Updated 3 years ago
- Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.☆1,003Jan 17, 2023Updated 3 years ago