therealdreg / masm32-kernel-programming
masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)
☆115Updated last year
Related projects ⓘ
Alternatives and complementary repositories for masm32-kernel-programming
- Recon 2023 slides and code☆79Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆111Updated 4 months ago
- A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level …☆123Updated 2 years ago
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.☆148Updated 10 months ago
- Single header version of System Informer's phnt library.☆186Updated last week
- Admin to Kernel code execution using the KSecDD driver☆238Updated 7 months ago
- A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.☆85Updated last year
- x86/x64 Ring 0/-2 System Freezer/Debugger☆110Updated last month
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆115Updated 3 months ago
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2☆221Updated 2 years ago
- Process Injection using Thread Name☆241Updated 2 months ago
- Advanced driver monitoring utility.☆201Updated 2 years ago
- ☆111Updated 2 weeks ago
- ☆142Updated 3 months ago
- A dynamic unpacking tool☆128Updated last year
- Small tool to convert beteween the PE alignments (raw and virtual).☆81Updated last year
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆239Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆93Updated last year
- A tutorial on how to write a packer for Windows!☆248Updated 11 months ago
- A kernel vulnerability used to achieve arbitrary read-write on Windows prior to July 2022☆105Updated 2 years ago
- uefi diskless persistence technique + OVMF secureboot bypass☆52Updated 7 months ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆260Updated 10 months ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆231Updated last year
- Exploitable drivers, you know what I mean☆126Updated 7 months ago
- ☆82Updated 5 months ago
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…☆111Updated 2 months ago
- A Python script to download PDB files associated with a Portable Executable (PE)☆116Updated 4 months ago
- ☆135Updated last year
- Vulnerable driver research tool, result and exploit PoCs☆181Updated last year