sam-b / windows_kernel_resources
Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits
☆356 · Updated 4 years ago
Related projects:
- Examples of leaking Kernel Mode information from User Mode on Windows ☆574 · Updated 7 years ago
- A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers. ☆420 · Updated 6 years ago
- Windows Kernel Drivers fuzzer ☆289 · Updated 7 years ago
- Cross Platform Kernel Fuzzer Framework ☆444 · Updated 5 years ago
- DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers. ☆350 · Updated 4 years ago
- PoCs for Antivirus Software's Kernel Vulnerabilities ☆264 · Updated 7 years ago
- Windows syscall table from XP ~ 10 RS4 ☆348 · Updated 6 years ago
- PowerLoaderEx - Advanced Code Injection Technique for x32 / x64 ☆356 · Updated 7 years ago
- Tools for instrumenting Windows Defender's mpengine.dll ☆271 · Updated 5 years ago
- ☆390 · Updated 7 years ago
- A set of tutorials about code injection for Windows. ☆305 · Updated 3 weeks ago
- Arbitrary code execution with kernel privileges using CVE-2018-8897. ☆409 · Updated 6 years ago
- Public repository for windbglib, a wrapper around pykd.pyd (for WinDbg), used by mona.py ☆316 · Updated last year
- Automatically exported from code.google.com/p/ioctlfuzzer ☆156 · Updated 9 years ago
- ☆227 · Updated 7 years ago
- Incident Response & Digital Forensics Debugging Extension ☆367 · Updated 5 years ago
- A set of exploitation/reversing aids for IDA ☆415 · Updated 6 years ago
- A Bochs-based instrumentation performing kernel memory taint tracking to detect disclosure of uninitialized memory to ring 3 ☆284 · Updated 5 years ago
- A Bochs-based instrumentation project designed to log kernel memory references, to identify "double fetches" and other OS vulnerabilities ☆319 · Updated 5 years ago
- idahunt is a framework to analyze binaries with IDA Pro and hunt for things in IDA Pro ☆376 · Updated 11 months ago
- Content from presentation at BHUSA 2017 ☆179 · Updated 7 years ago
- Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver. ☆308 · Updated 5 months ago
- Labeless is a multipurpose IDA Pro plugin system for labels/comments synchronization with a debugger backend, with complex memory dumping… ☆511 · Updated 2 years ago
- An extensible framework for easily writing compiler-optimized position-independent x86 / x64 shellcode for Windows platforms. ☆491 · Updated 5 years ago
- A curated list of Hyper-V exploitation resources, fuzzing and vulnerability research. ☆382 · Updated 3 years ago
- A tool to detect and crash Cuckoo Sandbox ☆286 · Updated last month
- Python scripts for reverse engineering. ☆178 · Updated 3 years ago
- WinDbg Anti-RootKit Extension ☆612 · Updated 4 years ago
- PEDA-like debugger UI for WinDbg ☆198 · Updated 5 months ago
- Detect, analyze and uniquely identify crashes in Windows applications ☆499 · Updated 2 months ago