trailofbits / WinDbg-JS
☆23Updated 9 months ago
Related projects: ⓘ
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆24Updated last year
- Extract data of TTD trace file to a minidump☆28Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆49Updated last year
- Repository of Microsoft Driver Block Lists based off of OS-builds☆38Updated 5 months ago
- Small tool to play with IOCs caused by Imageload events☆37Updated last year
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- Winbindex bot to pull in binaries for specific releases☆44Updated last year
- Enabled / Disable LSA Protection via BYOVD☆61Updated 2 years ago
- Clone running process with ZwCreateProcess☆58Updated 3 years ago
- ☆17Updated 3 years ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆12Updated 2 months ago
- Piece of code to detect and remove hooks in IAT☆51Updated 2 years ago
- ☆26Updated 2 months ago
- HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion☆36Updated last month
- ☆81Updated 3 months ago
- ☆23Updated 10 months ago
- ☆25Updated 10 months ago
- Rust bindings to the System Informer's (formerly known as Process Hacker) "phnt" native Windows headers☆35Updated this week
- call gates as stable comunication channel for NT x86 and Linux x86_64☆28Updated last year
- A small tool to unmap PE memory dumps.☆11Updated 10 months ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆86Updated 2 years ago
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆27Updated last year
- ☆96Updated 2 years ago
- List the ETW provider(s) in the registration table of a process.☆49Updated 11 months ago
- ☆16Updated this week
- Minifilter Callback Patching Proof-of-Concept☆59Updated last year
- Manually perform syscalls without going through any external API or DLL.☆16Updated last year
- ☆24Updated 5 months ago
- Local OXID Resolver (LCLOR) : Research and Tooling☆31Updated 3 years ago
- ☆27Updated last year