mtth-bfft / ntsec
Standalone tool to explore the security model of Windows and its NT kernel. Use it to introspect privilege assignments and access right assignments, enumerate attack surfaces from the point of view of a sandboxed process, etc.
☆33 · Updated 6 years ago
Alternatives and similar repositories for ntsec
- Blog posts (☆30, updated 5 years ago)
- Windows Drivers (☆99, updated 6 years ago)
- Process reimaging proof of concept code (☆96, updated 6 years ago)
- PoC for bypassing user-mode hooks by brute-forcing Intel syscalls (☆39, updated 9 years ago)
- DLL injection library and tools (☆73, updated 9 years ago)
- PoC designed to evade userland-hooking anti-virus (☆90, updated 6 years ago)
- Analyze and attack Windows applications using DLL hijacking vulnerabilities (☆58, updated 6 years ago)
- Simple 32/64-bit PE loader (☆138, updated 6 years ago)
- Sysmon shenanigans (☆66, updated 4 years ago)
- C++ (☆79, updated 9 years ago)
- A process overwriting its own PEB to create the illusion that it was loaded from a different path (☆98, updated 4 years ago)
- Driver Initial Reconnaissance Tool (☆123, updated 5 years ago)
- Malware analysis, anti-analysis, and anti-anti-analysis (☆45, updated 8 years ago)
- A program to detect reflective DLL injection on a live machine (☆74, updated 9 years ago)
- Adding exceptions to Microsoft's Control Flow Guard (CFG) (☆58, updated 9 years ago)
- CAPE monitor DLLs (☆41, updated 5 years ago)
- Dumps information about all the callback objects found in a dump file and the functions registered for them (☆36, updated 4 years ago)
- Reflective Polymorphism (☆106, updated 7 years ago)
- A simple API monitor for WinDbg (☆63, updated 8 years ago)
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv (☆21, updated 7 years ago)
- A C++ PoC for process injection using NtCreateSection, NtMapViewOfSection and RtlCreateUserThread. Credit to @spotheplanet for his notes… (☆43, updated 4 years ago)
- Shim database persistence (FIN7 TTP) (☆37, updated 5 years ago)
- Kernel-mode Windows NT API logger (☆22, updated 6 years ago)
- A tool to help malware analysts tell that a sample is injecting code into another process (☆78, updated 10 years ago)
- A minimal tool to extract shellcode from 64-bit PE binaries (☆51, updated 4 years ago)
- A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks (☆99, updated 7 years ago)