nsacyber / Driver-Collider
Blocks drivers from loading by using a name collision technique. #nsacyber
☆45Updated 7 years ago
Alternatives and similar repositories for Driver-Collider:
Users that are interested in Driver-Collider are comparing it to the libraries listed below
- A tool to help malware analysts tell that the sample is injecting code into other process.☆77Updated 9 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆52Updated last year
- Plugin for x64dbg to generate Yara rules from function basic blocks.☆35Updated 7 years ago
- A small library helping to parse commandline parameters (for C/C++)☆55Updated last year
- Blog posts☆30Updated 4 years ago
- A set of small utilities, helpers for PIN tracers☆31Updated last year
- Decrement Windows Kernel for fun and profit☆38Updated 7 years ago
- Windows Drivers☆97Updated 5 years ago
- Driver Initial Reconnaissance Tool☆122Updated 5 years ago
- SentinelOne's KeRnel Exploits Advanced Mitigations☆53Updated 6 years ago
- Parse Microsoft shim databases☆30Updated 2 months ago
- Demos and presentation from SECArmy Village Grayhat 2020☆37Updated 2 years ago
- Malware Analysis, Anti-Analysis, and Anti-Anti-Analysis☆45Updated 7 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 8 years ago
- PoC for detecting and dumping process hollowing code injection☆51Updated 6 years ago
- ☆22Updated 4 years ago
- ☆45Updated 6 years ago
- CAPE monitor DLLs☆39Updated 5 years ago
- All TMF files that I extracted from Microsoft PDBs.☆12Updated 5 years ago
- Process / thread-level system call tracer for Windows 7 / 8 / 2008 / 2012☆21Updated 9 years ago
- r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems☆26Updated 6 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 6 years ago
- Archive of ransomware decryptors☆29Updated 7 years ago
- Scripts to prepare Windows system for debugging.☆30Updated 4 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage)☆41Updated 6 months ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆52Updated 2 years ago
- Hidden kernel mode code execution for bypassing modern anti-rootkits.☆81Updated 14 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆56Updated 6 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago