nsacyber / Driver-ColliderLinks
Blocks drivers from loading by using a name collision technique. #nsacyber
☆49Updated 7 years ago
Alternatives and similar repositories for Driver-Collider
Users that are interested in Driver-Collider are comparing it to the libraries listed below
Sorting:
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆96Updated 4 years ago
- Windows Drivers☆99Updated 6 years ago
- Demos and presentation from SECArmy Village Grayhat 2020☆38Updated 2 years ago
- Parser for a custom executable formats from Hidden Bee and Rhadamanthys malware☆55Updated 2 weeks ago
- Hidden kernel mode code execution for bypassing modern anti-rootkits.☆84Updated 14 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Updated 10 years ago
- Sysmon shenanigans☆66Updated 4 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 9 years ago
- Enumerate user mode shared memory mappings on Windows.☆122Updated 4 years ago
- PoC designed to evade userland-hooking anti-virus.☆89Updated 6 years ago
- Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks☆67Updated 4 years ago
- A set of small utilities, helpers for PIN tracers☆32Updated last year
- Enumerate Windows Defender threat families and dump their names according category☆91Updated 6 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆146Updated 4 years ago
- WNF Utilities 4 Newbies (WNFUN)☆96Updated 6 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Proof of concept memory anti-forensic toolkit designed for hiding various artifacts inside the memory dump during memory acquisition on M…☆12Updated 5 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 7 years ago
- A small library helping to parse commandline parameters (for C/C++)☆57Updated 3 months ago
- Blog posts☆30Updated 5 years ago
- Malware Analysis, Anti-Analysis, and Anti-Anti-Analysis☆45Updated 7 years ago
- r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems☆28Updated 7 years ago
- PoC for detecting and dumping process hollowing code injection☆52Updated 6 years ago
- ☆63Updated last year
- Protects deletion of files with a specified extension using a kernel-mode driver.☆76Updated 7 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆57Updated 6 years ago
- ☆22Updated 4 years ago
- I was challenged by a friend to list all the processes and drivers in a system using more "unusual" methods. By doing this I learned quit…☆14Updated 9 years ago
- DotNext 2019 St. Petersburg Talk Demos☆40Updated 6 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆61Updated last year