patrickmatula / Windows-Internals-Learning-ResourcesLinks
☆100Updated 6 months ago
Alternatives and similar repositories for Windows-Internals-Learning-Resources
Users that are interested in Windows-Internals-Learning-Resources are comparing it to the libraries listed below
Sorting:
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆116Updated 10 months ago
- ☆158Updated last month
- ☆107Updated 7 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆109Updated 8 months ago
- Analyse MSI files for vulnerabilities☆131Updated 9 months ago
- ETW based POC to identify direct and indirect syscalls☆186Updated 2 years ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆98Updated last year
- ☆155Updated 5 months ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆82Updated last year
- ☆119Updated last year
- kernel callback removal (Bypassing EDR Detections)☆167Updated 2 months ago
- ☆114Updated last month
- Recon 2023 slides and code☆79Updated last year
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆102Updated 3 weeks ago
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆64Updated last month
- Windows rootkit designed to work with BYOVD exploits☆198Updated 4 months ago
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆311Updated last year
- ☆107Updated 2 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆231Updated last year
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆338Updated 9 months ago
- "Service-less" driver loading☆155Updated 6 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆242Updated last month
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆216Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆79Updated 2 years ago
- Injecting DLL into LSASS at boot☆113Updated last month
- Windows Persistence IT-Security☆99Updated 2 months ago
- ☆100Updated 3 months ago
- Windows x64 kernel mode rootkit process hollowing POC.☆191Updated last year
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆144Updated 10 months ago