Hades HIDS/HIPS for Windows
☆307 · Oct 10, 2025 · Updated 4 months ago
Alternatives and similar repositories for Hades-Windows
Users that are interested in Hades-Windows are comparing it to the libraries listed below
- Hades is a Host-Based Intrusion Detection System based on both eBPF (kernel) and netlink/cn_proc (userspace). ☆28 · Dec 14, 2024 · Updated last year
- Windows CVE proactive defense (HIPS/HIDS) ☆57 · Apr 29, 2021 · Updated 4 years ago
- VT Hook ☆51 · Jul 2, 2024 · Updated last year
- Windows Anti-Rootkit Tool ☆546 · Dec 31, 2025 · Updated 2 months ago
- It's a minifilter used for transparent-encrypting. ☆343 · Jul 28, 2025 · Updated 7 months ago
- ☆174 · Sep 9, 2020 · Updated 5 years ago
- VM one-click packing/unpacking, full compression, anti-debugging, etc. ☆340 · Jul 6, 2024 · Updated last year
- Radical Windows ARK ☆251 · Apr 18, 2025 · Updated 10 months ago
- 戎码之眼 is a threat monitoring tool for Windows based on the ATT&CK model. It effectively detects common unknown and known threats. A sharp sword for defenders. ☆536 · Oct 25, 2023 · Updated 2 years ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti… ☆319 · Mar 20, 2024 · Updated last year
- Enumerate processes and page directory base addresses from MmPfnData ☆207 · Aug 18, 2023 · Updated 2 years ago
- The world's most powerful System Activity Monitor Engine · A powerful endpoint behavior collection and defense development kit ~ intended to help endpoint security software such as EDR, zero trust, data security, and audit control quickly implement product features without having to care about the underlying… ☆373 · Feb 19, 2025 · Updated last year
- Analyze Windows x64 Kernel Memory Layout ☆129 · Nov 19, 2020 · Updated 5 years ago
- windows kernel pagehook ☆42 · Oct 30, 2022 · Updated 3 years ago
- Using NtCreateFile and NtDeviceIoControlFile to realize the function of winsock ☆128 · Sep 9, 2022 · Updated 3 years ago
- Security product hook detection ☆327 · Mar 30, 2021 · Updated 4 years ago
- https://key08.com/index.php/2021/10/19/1375.html ☆71 · May 11, 2022 · Updated 3 years ago
- Hades is a Host-Based Intrusion Detection System based on eBPF (mainly) ☆305 · Nov 30, 2024 · Updated last year
- ☆308 · May 11, 2023 · Updated 2 years ago
- Detect most CobaltStrike shellcode in 40 lines of code ☆294 · Jul 25, 2021 · Updated 4 years ago
- Detect the vast majority of so-called in-memory AV-evading trojans ☆735 · Sep 15, 2022 · Updated 3 years ago
- Call NtCreateUserProcess directly as normal. ☆77 · May 17, 2022 · Updated 3 years ago
- Open-source EDR kernel-component for system monitoring and DLL injection ☆33 · Nov 14, 2020 · Updated 5 years ago
- Hide executable memory ☆267 · Apr 27, 2025 · Updated 10 months ago
- Hook system calls on Windows by using Kaspersky's hypervisor ☆1,281 · Feb 14, 2026 · Updated 2 weeks ago
- iMonitor (冰镜 - Endpoint Behavior Analysis System) ☆821 · Feb 1, 2026 · Updated last month
- Research and remove various kernel callbacks, going further and further down the anti-anti-cheat road ☆183 · Aug 26, 2022 · Updated 3 years ago
- Windows one-click detection incident response service tool / r3 data collection ☆100 · Apr 5, 2022 · Updated 3 years ago
- kHypervisor is a lightweight bluepill-like nested VMM for Windows; it provides and emulates a basic function of Intel VT-x ☆443 · Nov 29, 2021 · Updated 4 years ago
- Handle privilege elevation; read and write game memory regardless of anti-cheat; a tool for analyzing game structures ☆150 · Aug 29, 2021 · Updated 4 years ago
- Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThrea… ☆1,294 · Jun 21, 2024 · Updated last year
- Quick check of NT kernel exported & unexported functions/global variable offset ☆98 · Mar 30, 2023 · Updated 2 years ago
- The previous version was for 7600 and was a hassle to compile every time. Updated with one that compiles directly in VS2017. ☆154 · Jun 5, 2019 · Updated 6 years ago
- iDefender - The Infinite Potential Host Intrusion Prevention System (HIPS) & Real-time Endpoint Detection and Response for Home ☆304 · Feb 9, 2026 · Updated 3 weeks ago
- Blue team incident response tool ☆542 · Jun 10, 2024 · Updated last year
- SysmonX - An Augmented Drop-In Replacement of Sysmon ☆216 · Sep 17, 2019 · Updated 6 years ago
- Reverse engineered source code of the autochk rootkit ☆210 · Nov 1, 2019 · Updated 6 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL ☆219 · Nov 12, 2020 · Updated 5 years ago
- Online security software identification ☆12 · Aug 6, 2025 · Updated 6 months ago