kagurazakasanae / Mhyprot2DrvControl
A library that uses the mhyprot2 driver to enumerate process modules, read/write process memory and kill processes.
☆362 · Oct 28, 2020 · Updated 5 years ago
Alternatives and similar repositories for Mhyprot2DrvControl
Users that are interested in Mhyprot2DrvControl are comparing it to the libraries listed below
- A PoC for the Mhyprot2.sys vulnerable driver that allows reading/writing memory in kernel/user via an unprivileged user process. ☆349 · Jul 3, 2021 · Updated 4 years ago
- A static library, wrapper for mhyprot vulnerable driver, execute exploits and tests ☆133 · Oct 26, 2020 · Updated 5 years ago
- Reverse engineering Genshin Impact anticheat to study how anticheats work on the Windows operating system. ☆107 · Nov 27, 2021 · Updated 4 years ago
- Mhy Exp (exploit signed driver) ☆141 · May 17, 2022 · Updated 3 years ago
- A user-mode emulator for the mhyprot2.sys driver ☆118 · Aug 25, 2022 · Updated 3 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆587 · Jan 24, 2023 · Updated 3 years ago
- CobaltStrike Beacon written in .Net 4. The stager and Beacon are rewritten in .NET, including normal check-in, file management, process management, token management, injection combined with SysCall, native port forwarding, disabling ETW and a range of other features. ☆731 · Sep 1, 2021 · Updated 4 years ago
- Cobalt Strike UDRL for memory scanner evasion. ☆1,004 · Jun 4, 2024 · Updated last year
- Modified version of Il2CppAssemblyUnhollower that allows you to analyze GenShin Impact's UserAssembly.dll ☆42 · Oct 28, 2020 · Updated 5 years ago
- A PoC for vulnerable driver "mhyprot" that allows us to read/write memory in kernel/user from usermode. ☆160 · Oct 18, 2020 · Updated 5 years ago
- Fake Timestamps of Driver Certificates while keeping validity. ☆18 · Jul 15, 2021 · Updated 4 years ago
- Take a screenshot without injection for Cobalt Strike ☆203 · Jun 7, 2023 · Updated 2 years ago
- Kill Protected Process Light Process (including AV) ☆58 · Sep 15, 2023 · Updated 2 years ago
- Beacon.dll reverse ☆141 · Sep 5, 2021 · Updated 4 years ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature… ☆1,253 · Aug 27, 2023 · Updated 2 years ago
- Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThrea… ☆1,289 · Jun 21, 2024 · Updated last year
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem… ☆741 · Jul 22, 2023 · Updated 2 years ago
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting… ☆1,088 · Jun 17, 2022 · Updated 3 years ago
- Phantom DLL hollowing PoC ☆370 · May 23, 2022 · Updated 3 years ago
- Code Injection, Inject malicious payload via pagetables pml4. ☆242 · Jul 7, 2021 · Updated 4 years ago
- A new way to perform local privilege escalation in place of PrintBug, mainly using the interface functions of the MS-EFSR protocol. It draws on the use of the EFSR protocol in Potitpotam to implement a series of local privilege escalation methods. Drawing on the use of the EFSR protocol in Potitpotam, … ☆149 · Mar 13, 2022 · Updated 3 years ago
- Hook system calls on Windows by using Kaspersky's hypervisor ☆1,272 · Apr 1, 2024 · Updated last year
- Neat way to detect memory read using nt layer function. ☆14 · Aug 4, 2023 · Updated 2 years ago
- Modified version of Il2CppDumper allows you to dump methods of UserAssembly.dll of the game Genshin Impact ☆175 · Jun 12, 2021 · Updated 4 years ago
- X86 version of syswhispers2 / x86 direct system call ☆330 · Jan 28, 2021 · Updated 5 years ago
- Yet another SharpSphere ☆227 · Aug 1, 2021 · Updated 4 years ago
- Cooolis-ms is a code execution tool that includes a Metasploit Payload Loader, a Cobalt Strike External C2 Loader and Reflective DLL injection; it aims to evade static detection for some of what we are about to execute that carries signatures… ☆929 · Jan 7, 2026 · Updated last month
- Windows Telemetry persistence ☆258 · Jul 2, 2020 · Updated 5 years ago
- Execute unmanaged Windows executables in CobaltStrike Beacons ☆714 · Mar 4, 2023 · Updated 2 years ago
- ☆1,781 · Aug 30, 2024 · Updated last year
- A PoC designed to bypass all usermode hooks in a WoW64 environment. ☆150 · Sep 16, 2020 · Updated 5 years ago
- ☆89 · Jun 28, 2022 · Updated 3 years ago
- A tool to kill antimalware protected processes ☆1,509 · Jun 19, 2021 · Updated 4 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL ☆220 · Nov 12, 2020 · Updated 5 years ago
- Inject shellcode into remote process via message hook ☆15 · Oct 28, 2020 · Updated 5 years ago
- ☆564 · Jan 7, 2020 · Updated 6 years ago
- A CobaltStrike script and small decryption tool for one-click assisted retrieval of 360 Secure Browser passwords, meant to save red team effort; it decrypts browser passwords offline by downloading the browser database and recording the key. ☆638 · Apr 4, 2021 · Updated 4 years ago
- A summary of methods for countering sandboxes and virtual machines on Windows ☆402 · Apr 22, 2020 · Updated 5 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆718 · Jul 19, 2023 · Updated 2 years ago