jussihi / SMM-Rootkit
SMM rootkit similar to LoJax or MosaicRegressor
☆101 Updated 10 months ago
Related projects:
- A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level … ☆116 Updated last year
- SMM UEFI module and client for UMD privilege escalation ☆28 Updated last year
- Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks ☆266 Updated 10 months ago
- Autonomous pre-boot DMA attack hardware implant for M.2 slot based on PicoEVB development board ☆60 Updated 10 months ago
- vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference. ☆88 Updated 3 years ago
- Reverse engineered source code of the autochk rootkit ☆195 Updated 4 years ago
- A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications. ☆393 Updated last year
- uefi diskless persistence technique + OVMF secureboot bypass ☆50 Updated 4 months ago
- Compact MBR Bootkit for Windows ☆43 Updated 2 years ago
- An attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic. ☆81 Updated last year
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 ☆203 Updated 4 years ago
- Abusing exceptions for code execution. ☆104 Updated last year
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard ☆229 Updated 2 years ago
- Advanced driver monitoring utility. ☆194 Updated 2 years ago
- A native hypervisor designed for the Windows operating system ☆120 Updated 3 years ago
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 ☆221 Updated 2 years ago
- Code Injection, Inject malicious payload via pagetables pml4. ☆216 Updated 3 years ago
- The Windbg extension that implements commands helpful to study Hyper-V on Intel processors. ☆124 Updated 3 months ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard. ☆251 Updated 2 years ago
- The sample DXE runtime driver demonstrating how to program DMA remapping. ☆57 Updated 8 months ago
- Exploit Development - Weaponized Exploit and Proof of Concepts (PoC) ☆213 Updated last year
- Three Tiny Examples of Directly Using Vista's NtCreateUserProcess ☆84 Updated 8 years ago
- Exploitable drivers, you know what I mean ☆124 Updated 5 months ago
- Another UEFI runtime bootkit ☆25 Updated last year
- Code injection from Linux kernel to a process ☆19 Updated last year
- A simple Windows kernel rootkit. ☆86 Updated 10 months ago
- 👓 A collection of papers/tools/exploits for UEFI security. ☆110 Updated last month
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut… ☆100 Updated last year