Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No test signing mode is required.
☆23Jun 16, 2024Updated last year
Alternatives and similar repositories for recon2024_demo
Users that are interested in recon2024_demo are comparing it to the libraries listed below
Sorting:
- Report and exploit of CVE-2024-21305.☆41Jan 14, 2024Updated 2 years ago
- .lib file for linking against the NT CRT☆19Mar 18, 2022Updated 3 years ago
- ☆93Jun 3, 2024Updated last year
- POC Hook of nt!HvcallCodeVa☆54May 8, 2023Updated 2 years ago
- EdgyBot: A partially AFK Edgenuity Bot brought to you by EdgePlus+. Works on 99% of assignments offered by Edgenuity. It does all non tes…☆22Jan 27, 2024Updated 2 years ago
- An advanced DKOM for drivers with "DRIVER_OBJECT"☆22Feb 19, 2023Updated 3 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆84Dec 21, 2022Updated 3 years ago
- Exploit POC for CVE-2024-36877☆48Aug 14, 2024Updated last year
- ☆29Mar 9, 2024Updated 2 years ago
- load unsigned kernel-driver by patching dse in 248 lines☆146Mar 22, 2024Updated last year
- ☆12Jul 12, 2022Updated 3 years ago
- ☆18Feb 6, 2019Updated 7 years ago
- just proof of concept. hooking MmCopyMemory PG safe.☆83Nov 13, 2023Updated 2 years ago
- Different tools for Microsoft Hyper-V researching☆64Feb 26, 2026Updated last week
- Rookit and anti rookit on Windows platform☆14Apr 30, 2024Updated last year
- Library to manipulate drivers that expose a physical memory read/write primitive.☆41Sep 4, 2023Updated 2 years ago
- research revolving the windows filtering platform callout mechanism☆39May 26, 2024Updated last year
- Collection of hypervisor detections☆298Sep 25, 2024Updated last year
- POC kernel driver with hidden system thread☆13May 14, 2024Updated last year
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆36Updated this week
- Simple and lightweight hypervisor for AMD processors☆44Oct 25, 2025Updated 4 months ago
- Binary Ninja plugin to perform automated analysis of Windows drivers��☆20Aug 8, 2019Updated 6 years ago
- Virtual and physical memory hacking library using gigabyte vulnerable driver☆71Apr 9, 2023Updated 2 years ago
- ☆22Oct 18, 2023Updated 2 years ago
- ☆23Oct 15, 2024Updated last year
- ☆24May 26, 2021Updated 4 years ago
- ☆23May 8, 2023Updated 2 years ago
- Using MMIO (Memory-Mapped I/O) to read TPM 2.0 public Endorsement Key.☆54May 29, 2024Updated last year
- ☆23Jul 24, 2023Updated 2 years ago
- Bypassing kernel patch protection runtime☆22Feb 19, 2023Updated 3 years ago
- ☆145Dec 10, 2022Updated 3 years ago
- <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" xml:lang="en" class=…☆10Jun 13, 2017Updated 8 years ago
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.☆119Oct 15, 2024Updated last year
- This repo contains PoCs for vulnerable Windows drivers.☆131Dec 20, 2025Updated 2 months ago
- Small tool to convert beteween the PE alignments (raw and virtual).☆112Dec 28, 2022Updated 3 years ago
- A collection of useful HyperDbg scripts☆27Aug 22, 2024Updated last year
- reverse engineering of the windows nt kernel debugger protocol & reimplementation.☆36Jul 2, 2024Updated last year
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆159Apr 13, 2023Updated 2 years ago
- UEFI Bootkit Framework that attacks boot-time Code Integrity☆118Dec 15, 2025Updated 2 months ago