Loading unsigned code into kernel in Windows 10 (64) with help of VMware Workstation Pro/Player design flaw
☆141Apr 4, 2017Updated 8 years ago
Alternatives and similar repositories for vmw_vmx_overloader
Users that are interested in vmw_vmx_overloader are comparing it to the libraries listed below
Sorting:
- kernel exploitation helper class☆77Nov 26, 2016Updated 9 years ago
- PCAUSA Rawether for Windows Local Privilege Escalation☆39Mar 15, 2017Updated 8 years ago
- Wow64 syscall hook☆43May 28, 2017Updated 8 years ago
- ☆14Jan 10, 2017Updated 9 years ago
- An aggregate of tools used in the core of vmp_dbg plus other parsing utils to parse vmp bc.☆16Oct 18, 2016Updated 9 years ago
- Internet Explorer Exploit with CFG bypass for Windows 10☆59Jan 11, 2017Updated 9 years ago
- ☆408Mar 1, 2017Updated 9 years ago
- ☆52Sep 15, 2016Updated 9 years ago
- Kernel mode driver loader, injecting into the windows kernel, Rootkit. Driver injections.☆48Nov 9, 2014Updated 11 years ago
- ☆14Aug 15, 2018Updated 7 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Aug 12, 2015Updated 10 years ago
- A sample on how to inject a DLL from a kernel driver☆61Sep 13, 2016Updated 9 years ago
- This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows☆466Apr 17, 2018Updated 7 years ago
- IDA Pomidor is a plugin for Hex-Ray's IDA Pro disassembler that will help you retain concentration and productivity during long reversing…☆35Sep 23, 2014Updated 11 years ago
- A branch-monitor-based solution for process monitoring.☆138Feb 9, 2020Updated 6 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆57Jun 21, 2016Updated 9 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22May 31, 2017Updated 8 years ago
- MIR-Engine☆23Jul 6, 2017Updated 8 years ago
- WIP - Play with Intel VM Extensions☆23Jun 12, 2017Updated 8 years ago
- ☆34Sep 22, 2017Updated 8 years ago
- ☆12Feb 19, 2017Updated 9 years ago
- Translates WinDbg "dt" structure dump to a C structure☆134Oct 16, 2016Updated 9 years ago
- Intercept arbitrary functions at run-time, without knowing their typedefs☆88Apr 13, 2017Updated 8 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆79Jan 24, 2011Updated 15 years ago
- nyā☆70Oct 16, 2015Updated 10 years ago
- windows syscall table from xp ~ 10 rs4☆356Jun 8, 2018Updated 7 years ago
- An Ark tool project,run on Win7 x86/x64☆118Jul 11, 2017Updated 8 years ago
- ☆30May 23, 2017Updated 8 years ago
- windows create process with a dll load first time via LdrHook☆31Oct 21, 2016Updated 9 years ago
- Windows工具类☆28Apr 23, 2017Updated 8 years ago
- An attempt at Process Doppelgänging☆183Dec 21, 2017Updated 8 years ago
- A sample project for using Capstone from a driver in Visual Studio 2015☆36May 4, 2016Updated 9 years ago
- Detect the SCI in windows.☆11Mar 23, 2017Updated 8 years ago
- more at http://www.zer0mem.sk/?p=271☆12Jun 11, 2013Updated 12 years ago
- I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 2016☆172Dec 7, 2016Updated 9 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Mar 13, 2017Updated 8 years ago
- A windbg extension, extracting token related contents☆41Dec 23, 2020Updated 5 years ago
- An exploit for CVE-2016-7255 on Windows 7/8/8.1/10(pre-anniversary) 64 bit☆82Mar 9, 2017Updated 8 years ago
- Protect process fsfilter driver. Windows x64☆36Apr 11, 2016Updated 9 years ago