mrexodia / perfect-dll-proxy

Related projects: ⓘ

• zer0condition / ZeroHVCI
  Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…
  ☆151Updated 2 months ago
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆232Updated 5 months ago
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆247Updated 8 months ago
• Dump-GUY / IDA_PHNT_TYPES
  Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).
  ☆101Updated 3 weeks ago
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆228Updated 3 weeks ago
• hfiref0x / WubbabooMark
  Debugger Anti-Detection Benchmark
  ☆283Updated 9 months ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆227Updated last year
• alexander-hanel / msdocsviewer
  msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
  ☆148Updated 8 months ago
• Xyrem / Yumekage
  Demo proof of concept for shadow regions, and implementation of HyperDeceit.
  ☆260Updated last year
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆272Updated last month
• ElliotKillick / LdrLockLiberator
  For when DLLMain is the only way
  ☆340Updated 4 months ago
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆229Updated 2 years ago
• thesecretclub / SandboxBootkit
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆251Updated 2 years ago
• mrexodia / phnt-single-header
  Single header version of System Informer's phnt library.
  ☆172Updated 3 months ago
• nbs32k / inline-syscall
  Inline syscalls made for MSVC supporting x64 and WOW64
  ☆172Updated last year
• OALabs / uwudbg-theme
  The best theme for x64dbg!
  ☆78Updated 2 years ago
• zer0condition / ZeroThreadKernel
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆150Updated last year
• CognisysGroup / SweetDreams
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆206Updated last year
• namazso / MagicSigner
  Signtool for expired certificates
  ☆441Updated last year
• Oliver-1-1 / GhostMapper
  ☆212Updated last week
• ioncodes / ceload
  Loading dbk64.sys and grabbing a handle to it
  ☆148Updated 2 years ago
• ergrelet / themida-unmutate
  Static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
  ☆202Updated last month
• notpidgey / EagleVM
  Native code virtualizer for x64 binaries
  ☆355Updated this week
• SamuelTulach / PwnedBoot
  Using Windows' own bootloader as a shim to bypass Secure Boot
  ☆128Updated 2 months ago
• eversinc33 / unKover
  PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory.
  ☆138Updated this week
• Cracked5pider / LdrLibraryEx
  A small x64 library to load dll's into memory.
  ☆422Updated 10 months ago
• alfarom256 / CVE-2022-3699
  Lenovo Diagnostics Driver EoP - Arbitrary R/W
  ☆168Updated last year
• AdamOron / PatchGuardBypass
  Bypassing PatchGuard on modern x64 systems
  ☆238Updated last year
• ThatLing / limba
  compile-time control flow obfuscation using mba
  ☆172Updated last year
• yardenshafir / IoRingReadWritePrimitive
  Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2
  ☆221Updated 2 years ago