nsacyber / Driver-Collider

Related projects ⓘ

Alternatives and complementary repositories for Driver-Collider

• BreakingMalwareResearch / CFGExceptions
  Adding exceptions to Microsoft's Control Flow Guard (CFG)
  ☆59Updated 8 years ago
• deroko / activationcontexthook
  ☆33Updated 7 years ago
• tandasat / RemoteWriteMonitor
  A tool to help malware analysts tell that the sample is injecting code into other process.
  ☆75Updated 9 years ago
• mattifestation / CatalogTools
  A PowerShell module to assist in parsing and managing catalog files.
  ☆20Updated 7 years ago
• mrexodia / YaraGen
  Plugin for x64dbg to generate Yara rules from function basic blocks.
  ☆35Updated 7 years ago
• hasherezade / tag_converter
  ☆21Updated 3 years ago
• deroko / SPPLUAObjectUacBypass
  ☆45Updated 6 years ago
• zodiacon / NativeApps
  Demos and presentation from SECArmy Village Grayhat 2020
  ☆36Updated last year
• marcusbotacin / Anti.Analysis
  Malware Analysis, Anti-Analysis, and Anti-Anti-Analysis
  ☆44Updated 7 years ago
• zodiacon / Blog
  Blog posts
  ☆30Updated 4 years ago
• mattifestation / MSFTTraceMessageFormat
  All TMF files that I extracted from Microsoft PDBs.
  ☆12Updated 5 years ago
• MathildeVenault / SysMainView
  This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …
  ☆30Updated 4 years ago
• EricZimmerman / SDB
  Parse Microsoft shim databases
  ☆29Updated 2 months ago
• ctxis / capemon
  CAPE monitor DLLs
  ☆38Updated 4 years ago
• Winbagility / Winbagility
  [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax;
  ☆71Updated 5 years ago
• Sentinel-One / SKREAM
  SentinelOne's KeRnel Exploits Advanced Mitigations
  ☆52Updated 6 years ago
• own2pwn / r0ak
  r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems
  ☆26Updated 6 years ago
• bootkitsbook / bootkits
  ☆61Updated 5 years ago
• secrary / findLoop
  findLoop - find possible encryption/decryption or compression/decompression code
  ☆26Updated 5 years ago
• airbus-cert / etwbreaker
  An IDA plugin to deal with Event Tracing for Windows (ETW)
  ☆50Updated 2 years ago
• SouhailHammou / Drivers
  Windows Drivers
  ☆95Updated 5 years ago
• swwwolf / obderef
  Decrement Windows Kernel for fun and profit
  ☆39Updated 6 years ago
• psmitty7373 / eif
  Evil Reflective DLL Injection Finder
  ☆45Updated 6 years ago
• benoitsevens / applying-ttd-to-malware-analysis
  Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019
  ☆39Updated 5 years ago
• hasherezade / loaderine
  A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
  ☆19Updated 6 years ago
• NtRaiseHardError / Dreadnought
  PoC for detecting and dumping code injection (built and extended on UnRunPE)
  ☆54Updated 6 years ago
• Fyyre / directntapi
  DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10
  ☆52Updated 8 months ago
• secabstraction / PowerWalker
  ☆21Updated 8 years ago