A PoC for Mhyprot2.sys vulnerable driver that allowing read/write memory in kernel/user via unprivileged user process.
☆353Jul 3, 2021Updated 4 years ago
Alternatives and similar repositories for evil-mhyprot-cli
Users that are interested in evil-mhyprot-cli are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A static library, wrapper for mhyprot vulnerable driver, execute exploits and tests☆133Oct 26, 2020Updated 5 years ago
- A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.☆365Oct 28, 2020Updated 5 years ago
- Reverse engineering Genshin Impact anticheat to study how anticheats work on the Windows operating system.☆106Nov 27, 2021Updated 4 years ago
- A PoC for vulnerable driver "mhyprot" that allows us to read/write memory in kernel/user from usermode.☆161Oct 18, 2020Updated 5 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆392Jul 6, 2022Updated 3 years ago
- Deploy open-source AI quickly and easily - Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆220Nov 12, 2020Updated 5 years ago
- A user-mode emulator for the mhyprot2.sys driver☆121Aug 25, 2022Updated 3 years ago
- A kernelmode driver swapping a .data pointer in the kernel to perform communication between the kernel and usermode.☆139Oct 20, 2020Updated 5 years ago
- ☆30Jan 12, 2022Updated 4 years ago
- Stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device o…☆382Mar 15, 2024Updated 2 years ago
- Kernel Driver Utility☆2,489Apr 2, 2026Updated 2 weeks ago
- Load your driver like win32k.sys☆259Aug 20, 2022Updated 3 years ago
- The windows kernel debugger consists of two parts, KMOD which is the kernel driver handling ring3 request and KCLI, the command line inte…☆98Sep 12, 2022Updated 3 years ago
- base for testing☆186Sep 28, 2024Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- A collection of various vulnerable (mostly physical memory exposing) drivers.☆457Jun 15, 2022Updated 3 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆243Jul 7, 2021Updated 4 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 4 years ago
- ☆25May 17, 2022Updated 3 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆268Aug 31, 2022Updated 3 years ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.☆410Mar 16, 2026Updated last month
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.☆391Aug 8, 2021Updated 4 years ago
- usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to …☆481Jan 3, 2022Updated 4 years ago
- CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM☆162Dec 24, 2022Updated 3 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆158May 21, 2024Updated last year
- Enabled / Disable LSA Protection via BYOVD☆81Dec 8, 2021Updated 4 years ago
- Easy Anti PatchGuard☆221Apr 9, 2021Updated 5 years ago
- ☆147Jan 24, 2024Updated 2 years ago
- x64 Windows privilege elevation using anycall☆21May 28, 2021Updated 4 years ago
- Bypasses for Windows kernel callbacks PatchGuard protection☆44Aug 15, 2021Updated 4 years ago
- 可在非测试模式下符号化读取内核内存。Kernel memory can be read symbolically in non test mode。☆107Sep 1, 2022Updated 3 years ago
- Access without a real handle☆1,046Apr 10, 2021Updated 5 years ago
- windows kernelmode driver to inject dll into each and every process and perform systemwide function hooking☆52Aug 28, 2022Updated 3 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Kernel-Mode Driver that loads a dll into every new created process that loads kernel32.dll module☆420Sep 9, 2018Updated 7 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆326Oct 13, 2024Updated last year
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.☆150Feb 12, 2022Updated 4 years ago
- Manual mapping without creating any threads, with rw only access☆810Oct 29, 2019Updated 6 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆332Mar 26, 2024Updated 2 years ago
- ☆141Jan 10, 2020Updated 6 years ago
- Windows Kernel inject (no module no thread)☆282Nov 11, 2022Updated 3 years ago