mar-ket-vector / VXppLinks
VFGadget locator to facilitate Counterfeit Object-Oriented Programming (COOP) and Loop-Oriented Programming (LOP) attacks to bypass advanced security protections like Intel CET and Control-Flow Guard (CFG) to achieve Remote Code Execution.
☆16Updated 4 months ago
Alternatives and similar repositories for VXpp
Users that are interested in VXpp are comparing it to the libraries listed below
Sorting:
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆296Updated last year
- Process Injection using Thread Name☆274Updated 3 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆228Updated 8 months ago
- ☆175Updated 11 months ago
- NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (eithe…☆137Updated last week
- Rewrite and obfuscate code in compiled binaries☆115Updated this week
- Reverse engineering winapi function loadlibrary.☆203Updated 2 years ago
- Admin to Kernel code execution using the KSecDD driver☆251Updated last year
- An example of an external LLVM plugin module transform pass for the latest versions.☆14Updated 7 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆224Updated last month
- A tool that is used to hunt vulnerabilities in x64 WDM drivers☆206Updated 3 months ago
- POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY☆196Updated 3 months ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆146Updated 10 months ago
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor☆105Updated last year
- Windows KASLR bypass using prefetch side-channel☆112Updated last year
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…☆184Updated last month
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆231Updated 9 months ago
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2☆229Updated 3 years ago
- Obfusk8: lightweight Obfuscation library based on C++17 / Header Only for windows binaries☆310Updated last month
- An x86-64 code virtualizer for VM based obfuscation☆126Updated 6 months ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆139Updated 2 years ago
- Vulnerable driver research tool, result and exploit PoCs☆195Updated last year
- Single header version of System Informer's phnt library.☆226Updated last week
- PoCs for Kernelmode rootkit techniques research.☆377Updated 5 months ago
- A set of LLVM and GCC based plugins that perform code obfuscation.☆126Updated 3 weeks ago
- ☆91Updated last year
- This repo contains EXPs about Vulnerable Windows Driver☆46Updated last year
- kernel callback removal (Bypassing EDR Detections)☆179Updated 3 months ago
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev""☆13Updated 3 months ago
- Finding Truth in the Shadows☆110Updated 2 years ago