Reverse engineered source code of the autochk rootkit
☆210Nov 1, 2019Updated 6 years ago
Alternatives and similar repositories for autochk-rootkit
Users that are interested in autochk-rootkit are comparing it to the libraries listed below
Sorting:
- 简单安排一下 autochk.sys 这个rootkit☆73Mar 7, 2023Updated 2 years ago
- Research on Windows Kernel Executive Callback Objects☆315Feb 22, 2020Updated 6 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 4 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆109Apr 24, 2020Updated 5 years ago
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆65Jun 19, 2019Updated 6 years ago
- win10 pgContext dynamic dump (btc version)☆110Jan 15, 2020Updated 6 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- a frame of amd-v svm nest☆53Apr 7, 2020Updated 5 years ago
- ☆116Oct 1, 2019Updated 6 years ago
- HTTP/HTTPS/DNS inspector (windows driver)☆27Feb 20, 2019Updated 7 years ago
- ☆39Oct 29, 2020Updated 5 years ago
- exploit termdd.sys(support kb4499175)☆61Jul 15, 2019Updated 6 years ago
- APC Internals Research Code☆169Jun 28, 2020Updated 5 years ago
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)☆167May 27, 2021Updated 4 years ago
- System call hook for Windows 10 20H1☆496Jun 26, 2021Updated 4 years ago
- Toolkit for Hyper-V security research☆157Mar 7, 2022Updated 3 years ago
- The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.☆345Apr 27, 2020Updated 5 years ago
- Windows CVE主防(HIPS/HIDS)☆57Apr 29, 2021Updated 4 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- Kernel Pool Monitor☆127Mar 6, 2022Updated 3 years ago
- For Example. See Miro's Blog☆30Nov 26, 2022Updated 3 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆902Nov 21, 2019Updated 6 years ago
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable …☆23Sep 18, 2017Updated 8 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆219Nov 12, 2020Updated 5 years ago
- 滥用cow机制进行全局注入☆99Jan 1, 2021Updated 5 years ago
- All Nt Syscall and W32k Syscall in one asm, include, and call it!☆58Nov 4, 2021Updated 4 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Apr 4, 2020Updated 5 years ago
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆36Jan 12, 2022Updated 4 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated last year
- NINA: No Injection, No Allocation x64 Process Injection Technique☆227Jun 9, 2020Updated 5 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver.☆76Jul 16, 2018Updated 7 years ago
- Open Course for diving security internal☆52Nov 11, 2019Updated 6 years ago
- x64 free protect Features 1.process/thread handle protect 2.anti taskmgr.exe 3.hide process 4.anti-debugger(user/kernel debugger)☆87Apr 3, 2019Updated 6 years ago
- first commit☆64Oct 29, 2020Updated 5 years ago
- Intercepting DeviceControl via WPP☆138Nov 18, 2019Updated 6 years ago
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.☆722Aug 5, 2020Updated 5 years ago
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆541Sep 2, 2022Updated 3 years ago
- windows rpc 使用MIDL+RPC实现HelloWorld☆23Mar 21, 2018Updated 7 years ago