kkent030315 / evil-mhyprot-cliLinks
A PoC for Mhyprot2.sys vulnerable driver that allowing read/write memory in kernel/user via unprivileged user process.
☆339Updated 4 years ago
Alternatives and similar repositories for evil-mhyprot-cli
Users that are interested in evil-mhyprot-cli are comparing it to the libraries listed below
Sorting:
- A static library, wrapper for mhyprot vulnerable driver, execute exploits and tests☆131Updated 4 years ago
- A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.☆354Updated 4 years ago
- Kernel driver loader using vulnerable gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vu…☆259Updated 3 years ago
- A PoC for vulnerable driver "mhyprot" that allows us to read/write memory in kernel/user from usermode.☆161Updated 4 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆354Updated 3 years ago
- DLL that hooks the NtQuerySystemInformation API and hides a process name☆293Updated 2 years ago
- DSE bypass using a leaked cert and adjusting the current clock.☆151Updated 2 years ago
- Controlling Windows PP(L)s☆341Updated 2 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆301Updated 10 months ago
- A simple commandline injector using classic DLL injection☆150Updated 3 years ago
- ☆144Updated 3 weeks ago
- Signtool for expired certificates☆487Updated 2 years ago
- Bypassing PatchGuard on modern x64 systems☆268Updated 2 years ago
- A x64 Windows Rootkit using SSDT or Hypervisor hook☆554Updated 8 months ago
- HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…☆376Updated 2 years ago
- A collection of various vulnerable (mostly physical memory exposing) drivers.☆402Updated 3 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆206Updated 4 years ago
- Load your driver like win32k.sys☆255Updated 3 years ago
- Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks☆378Updated 2 months ago
- Simple Kernelmode DLL Injector with Manual mapping☆310Updated last year
- Demo proof of concept for shadow regions, and implementation of HyperDeceit.☆296Updated 2 years ago
- Debugger Anti-Detection Benchmark☆357Updated 3 weeks ago
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.☆353Updated 4 years ago
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.☆274Updated 2 years ago
- Unsigned driver loader using CVE-2018-19320☆300Updated 2 years ago
- PE bin2bin obfuscator☆764Updated 4 months ago
- Using CVE-2023-21768 to manual map kernel mode driver☆192Updated 2 years ago
- This tool will allow you to spoof the return addresses of your functions as well as system functions.☆512Updated 2 years ago
- Windows Kernel inject (no module no thread)☆278Updated 2 years ago
- ☆317Updated 3 months ago