jbaines-r7 / delliciousView external linksLinks
Enabled / Disable LSA Protection via BYOVD
☆81Dec 8, 2021Updated 4 years ago
Alternatives and similar repositories for dellicious
Users that are interested in dellicious are comparing it to the libraries listed below
Sorting:
- ☆15Aug 17, 2023Updated 2 years ago
- .lib file for linking against the NT CRT☆18Mar 18, 2022Updated 3 years ago
- A bootkit to bypass Windows login (WIP)☆10Oct 25, 2023Updated 2 years ago
- miscellaneous scripts and programs☆276Jan 23, 2025Updated last year
- a simple intel vt code both support x86 & x64. PatchGuard monitor.☆77Oct 28, 2021Updated 4 years ago
- Lightweight WINAPI tracing with Pin☆27Aug 22, 2019Updated 6 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆587Jan 24, 2023Updated 3 years ago
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆36Jan 12, 2022Updated 4 years ago
- It's pointy and it hurts!☆127Oct 18, 2022Updated 3 years ago
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…☆25Mar 26, 2020Updated 5 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- bring your own vulnerable driver☆112May 17, 2023Updated 2 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆265Aug 31, 2022Updated 3 years ago
- x64 Registration-Free In-Process COM Automation Server.☆51Nov 28, 2022Updated 3 years ago
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆128Jan 18, 2022Updated 4 years ago
- ☆57Jan 15, 2024Updated 2 years ago
- A POC for Windows Extension Host hooking☆24Jul 13, 2019Updated 6 years ago
- An obfuscator bases on llvm for multiple language and platform☆19Jun 28, 2017Updated 8 years ago
- It stinks☆105Apr 22, 2022Updated 3 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆113Aug 29, 2022Updated 3 years ago
- maldev obviously☆28May 5, 2025Updated 9 months ago
- Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.☆51Dec 31, 2021Updated 4 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM☆162Dec 24, 2022Updated 3 years ago
- Six cases demonstrating methods of optimizing GetProcAddress☆18Jan 3, 2022Updated 4 years ago
- ☆274Jan 14, 2023Updated 3 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆207May 27, 2021Updated 4 years ago
- ☆78Oct 18, 2022Updated 3 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- hooking KiUserApcDispatcher☆25Apr 3, 2017Updated 8 years ago
- A C++ syscall ID extractor for Windows. Developed, debugged and tested on 20H2.☆21May 25, 2021Updated 4 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- ☆32Aug 21, 2023Updated 2 years ago
- Various implementations for C# in memory execution. Assembly.Load() Assembly.LoadFile() AppDomain.ExecuteAssembly()☆35Feb 10, 2021Updated 5 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆79Dec 21, 2022Updated 3 years ago