mar-ket-vector / VXppLinks
VFGadget locator to facilitate Counterfeit Object-Oriented Programming (COOP) and Loop-Oriented Programming (LOP) attacks to bypass advanced security protections like Intel CET and Control-Flow Guard (CFG) to achieve Remote Code Execution.
☆13Updated 2 months ago
Alternatives and similar repositories for VXpp
Users that are interested in VXpp are comparing it to the libraries listed below
Sorting:
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor☆93Updated last year
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆222Updated 7 months ago
- Admin to Kernel code execution using the KSecDD driver☆250Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆137Updated 2 years ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆216Updated last week
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆226Updated 7 months ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆289Updated last year
- Process Injection using Thread Name☆272Updated last month
- POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY☆193Updated last month
- ☆257Updated 2 years ago
- Reverse engineering winapi function loadlibrary.☆197Updated 2 years ago
- Windows rootkit designed to work with BYOVD exploits☆198Updated 4 months ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…☆159Updated 3 weeks ago
- Collection of different rootkit functionality, each driver representing a different rootkit component☆10Updated last week
- Injecting DLL into LSASS at boot☆113Updated last month
- MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.☆115Updated 6 months ago
- kernel callback removal (Bypassing EDR Detections)☆167Updated 2 months ago
- An example reference design for a proposed BOF PE☆168Updated last month
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆338Updated 9 months ago
- "Service-less" driver loading☆155Updated 6 months ago
- ☆169Updated 10 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆257Updated 10 months ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆118Updated 2 years ago
- A set of programs for analyzing common vulnerabilities in COM☆215Updated 8 months ago
- Implementing the ghostly hollowing PE injection technique using tampered syscalls.☆156Updated 2 months ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆192Updated last year
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆232Updated 10 months ago
- Single header version of System Informer's phnt library.☆221Updated last week
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆63Updated last month
- A tool that is used to hunt vulnerabilities in x64 WDM drivers☆199Updated 2 months ago