tandasat / recon2024_demoLinks
Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No test signing mode is required.
☆21Updated last year
Alternatives and similar repositories for recon2024_demo
Users that are interested in recon2024_demo are comparing it to the libraries listed below
Sorting:
- Symbolic Execution based on lifting amd64 to z3☆28Updated last year
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP☆57Updated 10 months ago
- A large collection of 32bit and 64bit PE files useful for verifying the correctness of bin2bin transformations☆54Updated last year
- intel vt-x type 2 hypervisor☆56Updated 4 months ago
- How Meltdown and Spectre haunt Anti-Cheat: DVRT details☆22Updated last year
- x86-64 user mode emulation using Zydis☆55Updated this week
- Me fockin' pe protector☆45Updated 2 years ago
- Windows PDB parser for kernel-mode environment.☆100Updated 2 months ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆61Updated last year
- Type 2 Hypervisor for security research supported by AMD-V hardware assisted virtualization☆40Updated 2 years ago
- Simple anti-instrumentation with EFLAGS.AC☆18Updated 4 months ago
- POC Hook of nt!HvcallCodeVa☆52Updated 2 years ago
- This is a ring -1 header framework in order to simplify the creation of hypervisors on SVM☆26Updated last year
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆51Updated 4 years ago
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆72Updated 2 years ago
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)☆81Updated last year
- Kernel ReClassEx☆64Updated last year
- Binary rewriter for 64-bit PE files.☆85Updated last year
- Yet another IDA Pro/Home plugin for deobfuscating stack strings☆62Updated 3 weeks ago
- My research WIP bluepill hypervisor☆41Updated 2 years ago
- A repository of IDA Databases and Binaries used for the analysis of popular commercial virtual-machine obfuscators☆70Updated 2 years ago
- Visual Studio Project example for using Microsoft's STL in WDM (Windows Kernel-mode Driver)☆25Updated 4 years ago
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆67Updated 2 years ago
- Windows kernel driver template for cmkr (with testsigning).☆37Updated 2 years ago
- Lightweight PDB symbol parser and resolver☆26Updated 9 months ago
- Elevate arbitrary MSR writes to kernel execution.☆38Updated last year
- A collection of LLVM passes for obfuscating☆36Updated 2 years ago
- Another UEFI runtime bootkit☆30Updated 2 years ago
- devirtualization vmprotect☆62Updated 2 years ago
- A efi-runner and message logger for vmware.☆12Updated 3 months ago