nsacyber / Driver-Collider
Blocks drivers from loading by using a name collision technique. #nsacyber
☆49Updated 7 years ago
Alternatives and similar repositories for Driver-Collider:
Users that are interested in Driver-Collider are comparing it to the libraries listed below
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 8 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- SentinelOne's KeRnel Exploits Advanced Mitigations☆53Updated 6 years ago
- Blog posts☆30Updated 4 years ago
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019☆40Updated 5 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆77Updated 9 years ago
- ☆22Updated 4 years ago
- Enumerate user mode shared memory mappings on Windows.☆120Updated 4 years ago
- Windows Drivers☆97Updated 6 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆56Updated 6 years ago
- Demos and presentation from SECArmy Village Grayhat 2020☆38Updated 2 years ago
- Decrement Windows Kernel for fun and profit☆38Updated 7 years ago
- WNF Utilities 4 Newbies (WNFUN)☆94Updated 6 years ago
- Anti-Anti-VM solution via Windows Driver☆57Updated 6 years ago
- Parsers for custom malware formats ("Funky malware formats")☆96Updated 3 years ago
- Driver Initial Reconnaissance Tool☆123Updated 5 years ago
- All TMF files that I extracted from Microsoft PDBs.☆12Updated 5 years ago
- PoC for detecting and dumping process hollowing code injection☆51Updated 6 years ago
- Various WinDbg extensions and scripts☆31Updated 6 years ago
- ☆29Updated 6 years ago
- A set of small utilities, helpers for PIN tracers☆33Updated last year
- Python 3 - Manipulation and conversation with different data type (Bytes operations)☆26Updated 3 years ago
- ☆33Updated 7 years ago
- ☆45Updated 6 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage)☆43Updated 7 months ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆131Updated 4 years ago
- CAPE monitor DLLs☆39Updated 5 years ago
- ☆33Updated 3 years ago
- [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax;☆73Updated 5 years ago