therealdreg / dregate
call gates as stable comunication channel for NT x86 and Linux x86_64
☆31Updated last year
Alternatives and similar repositories for dregate:
Users that are interested in dregate are comparing it to the libraries listed below
- A few examples of how to trap virtual memory access on Windows.☆29Updated 4 months ago
- ☆30Updated 4 months ago
- ☆42Updated 3 weeks ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- Callstack spoofing using a VEH because VEH all the things.☆21Updated last month
- 64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free☆61Updated 2 years ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆71Updated this week
- CVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK)☆44Updated 6 months ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated last year
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 3 years ago
- Windows AppLocker Driver (appid.sys) LPE☆54Updated 8 months ago
- Analysis of the vulnerability☆51Updated last year
- ☆29Updated last year
- Reimplementation of the KExecDD DSE bypass technique.☆47Updated 7 months ago
- Enabled / Disable LSA Protection via BYOVD☆66Updated 3 years ago
- e(X)tensiable (Rust) Malware Toolkit: (Soon!) Full Featured Rust C2 Framework with Awesome Features!☆24Updated 8 months ago
- A more reliable way of resolving syscall numbers in Windows☆49Updated last year
- A C++ PoC implementation for enumerating Windows Fibers directly from memory☆18Updated 11 months ago
- ☆21Updated 11 months ago
- A work in progress BOF/COFF loader in Rust☆47Updated 2 years ago
- Mentally ill EtwTi parser☆36Updated 3 weeks ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆15Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- idk man this was the default github name☆35Updated 2 years ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆37Updated last week
- API Hammering with C++20☆46Updated 2 years ago
- ☆108Updated 2 years ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆50Updated last year
- ☆35Updated last month
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆34Updated last year