nsacyber / Driver-ColliderLinks
Blocks drivers from loading by using a name collision technique. #nsacyber
☆49Updated 7 years ago
Alternatives and similar repositories for Driver-Collider
Users that are interested in Driver-Collider are comparing it to the libraries listed below
Sorting:
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆146Updated 4 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Updated 9 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆96Updated 4 years ago
- Demos and presentation from SECArmy Village Grayhat 2020☆38Updated 2 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage)☆43Updated 10 months ago
- Windows Drivers☆99Updated 6 years ago
- Proof of concept memory anti-forensic toolkit designed for hiding various artifacts inside the memory dump during memory acquisition on M…☆12Updated 5 years ago
- ☆22Updated 4 years ago
- Hidden kernel mode code execution for bypassing modern anti-rootkits.☆84Updated 14 years ago
- PoC designed to evade userland-hooking anti-virus.☆89Updated 6 years ago
- Enumerate Windows Defender threat families and dump their names according category☆90Updated 6 years ago
- Enumerate user mode shared memory mappings on Windows.☆122Updated 4 years ago
- CAPE monitor DLLs☆41Updated 5 years ago
- WNF Utilities 4 Newbies (WNFUN)☆96Updated 6 years ago
- Sysmon shenanigans☆66Updated 4 years ago
- A set of small utilities, helpers for PIN tracers☆32Updated last year
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- PoC for detecting and dumping process hollowing code injection☆51Updated 6 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 9 years ago
- Blog posts☆30Updated 4 years ago
- Plugin for x64dbg to generate Yara rules from function basic blocks.☆36Updated 7 years ago
- Named pipe I/O ETW provider for Windows☆70Updated 5 years ago
- Exploits I've authored☆60Updated 5 years ago
- ☆34Updated 7 years ago
- r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems☆27Updated 7 years ago
- DotNext 2019 St. Petersburg Talk Demos☆40Updated 6 years ago
- AutoIt Analysis Library: Parser & Emulator For Malware Researchers☆21Updated 6 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver.☆76Updated 7 years ago
- Evil Reflective DLL Injection Finder☆47Updated 6 years ago
- Miscellaneous Code and Docs☆81Updated 3 weeks ago