A library that uses the mhyprot2 driver to enumerate process modules, read/write process memory and kill processes.
☆364 · Oct 28, 2020 · Updated 5 years ago
Alternatives and similar repositories for Mhyprot2DrvControl
Users that are interested in Mhyprot2DrvControl are comparing it to the libraries listed below
- A PoC for the Mhyprot2.sys vulnerable driver that allows reading/writing memory in kernel/user via an unprivileged user process. ☆351 · Jul 3, 2021 · Updated 4 years ago
- A static library, wrapper for mhyprot vulnerable driver, execute exploits and tests ☆133 · Oct 26, 2020 · Updated 5 years ago
- Reverse engineering Genshin Impact anticheat to study how anticheats work on the Windows operating system. ☆107 · Nov 27, 2021 · Updated 4 years ago
- A user-mode emulator for the mhyprot2.sys driver ☆120 · Aug 25, 2022 · Updated 3 years ago
- Mhy Exp (exploit signed driver) ☆141 · May 17, 2022 · Updated 3 years ago
- Kill Protected Process Light Process (include av) ☆57 · Sep 15, 2023 · Updated 2 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆587 · Jan 24, 2023 · Updated 3 years ago
- A PoC for vulnerable driver "mhyprot" that allows us to read/write memory in kernel/user from usermode. ☆161 · Oct 18, 2020 · Updated 5 years ago
- inject shellcode into remote process via message hook ☆15 · Oct 28, 2020 · Updated 5 years ago
- Beacon.dll reverse ☆141 · Sep 5, 2021 · Updated 4 years ago
- CobaltStrike Beacon written in .Net 4. The stager and Beacon are rewritten in .NET, including normal check-in, file management, process management, token management, injection combined with SysCall, native port forwarding, disabling ETW and other features ☆729 · Sep 1, 2021 · Updated 4 years ago
- Modified version of Il2CppAssemblyUnhollower that allows you to analyze GenShin Impact's UserAssembly.dll ☆43 · Oct 28, 2020 · Updated 5 years ago
- Cobalt Strike UDRL for memory scanner evasion. ☆1,008 · Jun 4, 2024 · Updated last year
- Take a screenshot without injection for Cobalt Strike ☆203 · Jun 7, 2023 · Updated 2 years ago
- Fake Timestamps of Driver Certificates while keeping validity. ☆18 · Jul 15, 2021 · Updated 4 years ago
- Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThrea… ☆1,296 · Jun 21, 2024 · Updated last year
- Hook system calls on Windows by using Kaspersky's hypervisor ☆1,285 · Feb 14, 2026 · Updated last month
- Code Injection, Inject malicious payload via pagetables pml4. ☆242 · Jul 7, 2021 · Updated 4 years ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature… ☆1,264 · Aug 27, 2023 · Updated 2 years ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem… ☆742 · Jul 22, 2023 · Updated 2 years ago
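- Cooolis-ms is a code execution tool that includes a Metasploit Payload Loader, a Cobalt Strike External C2 Loader and Reflective DLL injection; it is positioned to evade, at the static detection level, some of the signature-bearing … that we are going to execute… ☆932 · Jan 7, 2026 · Updated 2 months ago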
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting… ☆1,098 · Jun 17, 2022 · Updated 3 years ago
- A collection of various vulnerable (mostly physical memory exposing) drivers. ☆452 · Jun 15, 2022 · Updated 3 years ago
- Modified version of Il2CppDumper allows you to dump methods of UserAssembly.dll of the game Genshin Impact ☆177 · Jun 12, 2021 · Updated 4 years ago
- Silence EDRs by removing kernel callbacks ☆238 · Dec 7, 2020 · Updated 5 years ago
- X86 version of syswhispers2 / x86 direct system call ☆330 · Jan 28, 2021 · Updated 5 years ago
- Modified from the official yara tool ☆14 · May 6, 2024 · Updated last year
- Execute unmanaged Windows executables in CobaltStrike Beacons ☆715 · Mar 4, 2023 · Updated 3 years ago
- A PoC designed to bypass all usermode hooks in a WoW64 environment. ☆149 · Sep 16, 2020 · Updated 5 years ago
- A summary of methods for countering sandboxes and virtual machines on Windows ☆401 · Apr 22, 2020 · Updated 5 years ago
- Phantom DLL hollowing PoC ☆372 · May 23, 2022 · Updated 3 years ago
- Reflective DLL implementation of PrintSpoofer, for use with Cobalt Strike ☆87 · Oct 7, 2021 · Updated 4 years ago
- Yet another SharpSphere ☆227 · Aug 1, 2021 · Updated 4 years ago
- ☆1,793 · Aug 30, 2024 · Updated last year
- A tool to kill antimalware protected processes ☆1,506 · Jun 19, 2021 · Updated 4 years ago
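- A new approach to local privilege escalation that replaces PrintBug, mainly using interface functions in the MS-EFSR protocol; it draws on the use of the EFSR protocol in Potitpotam to implement a series of local privilege escalation methods. Drawing on the use of the EFSR protocol in Potitpotam, … ☆149 · Mar 13, 2022 · Updated 4 years ago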
- impersonate trustedinstaller by fiddling with tokens ☆17 · Aug 30, 2021 · Updated 4 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL ☆219 · Nov 12, 2020 · Updated 5 years ago
- neat way to detect memory read using nt layer function. ☆13 · Aug 4, 2023 · Updated 2 years ago