m417z / ntdoc

Related projects: ⓘ

• thesecretclub / SandboxBootkit
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆251Updated 2 years ago
• mrexodia / phnt-single-header
  Single header version of System Informer's phnt library.
  ☆172Updated 3 months ago
• mandiant / STrace
  A DTrace on Windows Reimplementation
  ☆317Updated last month
• alexander-hanel / msdocsviewer
  msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
  ☆148Updated 8 months ago
• MiroKaku / Musa.Veil
  Collection of undocumented Windows API declarations.
  ☆283Updated 3 weeks ago
• hfiref0x / WubbabooMark
  Debugger Anti-Detection Benchmark
  ☆283Updated 9 months ago
• Fyyre / DrvMon
  Advanced driver monitoring utility.
  ☆194Updated 2 years ago
• Xyrem / HyperDeceit
  HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…
  ☆353Updated last year
• utoni / PastDSE
  DSE bypass using a leaked cert and adjusting the current clock.
  ☆133Updated 2 years ago
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆229Updated 2 years ago
• mrexodia / AppInitHook
  Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary pr…
  ☆156Updated 2 years ago
• Cr4sh / KernelForge
  A library to develop kernel level Windows payloads for post HVCI era
  ☆355Updated 3 years ago
• NullArray / WinKernel-Resources
  A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level …
  ☆116Updated last year
• VoidSec / DriverBuddyReloaded
  Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
  ☆315Updated last year
• therealdreg / masm32-kernel-programming
  masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)
  ☆114Updated last year
• namazso / MagicSigner
  Signtool for expired certificates
  ☆441Updated last year
• notpidgey / EagleVM
  Native code virtualizer for x64 binaries
  ☆355Updated this week
• namazso / physmem_drivers
  A collection of various vulnerable (mostly physical memory exposing) drivers.
  ☆312Updated 2 years ago
• Xyrem / Yumekage
  Demo proof of concept for shadow regions, and implementation of HyperDeceit.
  ☆260Updated last year
• VergiliusProject / vergilius-project
  This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially docum…
  ☆159Updated 3 months ago
• CheckPointSW / showstopper
  ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…
  ☆195Updated 2 years ago
• zodiacon / TotalPE2
  PE Viewer
  ☆143Updated 2 months ago
• hasherezade / module_overloading
  A more stealthy variant of "DLL hollowing"
  ☆335Updated 6 months ago
• dbgsymbol / getsymbol
  ☆186Updated this week
• zhuhuibeishadiao / ntoskrnl
  The Windows Research Kernel (WRK)
  ☆168Updated 7 years ago
• ntdiff / headers
  ☆144Updated 3 weeks ago
• JustasMasiulis / wow64pp
  A modern c++ implementation of windows heavens gate
  ☆193Updated 4 years ago
• ajkhoury / ApiSet
  API Set resolver for Windows
  ☆114Updated last week
• kkent030315 / anycall
  x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
  ☆214Updated 2 years ago
• Fyyre / ntdll
  ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h
  ☆128Updated 5 years ago