trailofbits / WinDbg-JS
☆23Updated last year
Alternatives and similar repositories for WinDbg-JS:
Users that are interested in WinDbg-JS are comparing it to the libraries listed below
- Extract data of TTD trace file to a minidump☆28Updated last year
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated last year
- Winbindex bot to pull in binaries for specific releases☆47Updated last year
- Repository of Microsoft Driver Block Lists based off of OS-builds☆39Updated 11 months ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- ☆29Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆73Updated last year
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆16Updated 9 months ago
- ☆20Updated 2 months ago
- ☆29Updated 3 months ago
- ☆18Updated 4 years ago
- Command like tool to print mitigation flags for running processes in a memory dump☆46Updated 4 years ago
- Uses ghidra to find all ETW write metadata for each API in a PE file☆15Updated 8 months ago
- Small tool to play with IOCs caused by Imageload events☆42Updated last year
- ☆25Updated 2 years ago
- Clone running process with ZwCreateProcess☆57Updated 4 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆32Updated 3 years ago
- ☆25Updated last month
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆30Updated 9 months ago
- List the ETW provider(s) in the registration table of a process.☆57Updated last year
- Callstack spoofing using a VEH because VEH all the things.☆19Updated 2 weeks ago
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆26Updated 2 years ago
- Extracted lua script from Defender mpavbase.vdm and mpasbase.vdm☆13Updated 8 months ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆52Updated 2 years ago
- A few examples of how to trap virtual memory access on Windows.☆29Updated 3 months ago
- Inter-Process Communication Mechanisms☆26Updated 4 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Updated 3 years ago
- CVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK)☆44Updated 5 months ago
- call gates as stable comunication channel for NT x86 and Linux x86_64☆31Updated last year
- Enabled / Disable LSA Protection via BYOVD☆66Updated 3 years ago