trailofbits / WinDbg-JS
☆23Updated last year
Alternatives and similar repositories for WinDbg-JS:
Users that are interested in WinDbg-JS are comparing it to the libraries listed below
- Extract data of TTD trace file to a minidump☆28Updated last year
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated last year
- ☆29Updated last year
- Repository of Microsoft Driver Block Lists based off of OS-builds☆39Updated last year
- ☆18Updated 4 years ago
- Winbindex bot to pull in binaries for specific releases☆47Updated last year
- Small tool to play with IOCs caused by Imageload events☆42Updated last year
- A few examples of how to trap virtual memory access on Windows.☆29Updated 4 months ago
- ☆20Updated 3 months ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- Windows kernel PDB data parsed into YAML☆36Updated 5 months ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆76Updated last year
- ☆30Updated 4 months ago
- ☆42Updated 3 weeks ago
- call gates as stable comunication channel for NT x86 and Linux x86_64☆31Updated last year
- Uses ghidra to find all ETW write metadata for each API in a PE file☆17Updated 8 months ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆32Updated 3 years ago
- Command like tool to print mitigation flags for running processes in a memory dump☆46Updated 4 years ago
- ☆20Updated 2 years ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆16Updated 9 months ago
- Clone running process with ZwCreateProcess☆57Updated 4 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Updated 3 years ago
- ☆25Updated 2 years ago
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆27Updated 2 years ago
- ☆84Updated 10 months ago
- A VMWare logger using built-in backdoor.☆29Updated 6 months ago
- A C++ PoC implementation for enumerating Windows Fibers directly from memory☆18Updated 11 months ago
- RenameLocalVars is an IDA plugin that renames local variables to something easier to read.☆15Updated last year
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering☆35Updated 3 months ago
- A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.☆34Updated 2 months ago