Files for http://blog.deniable.org/posts/windows-callbacks/
☆83 · Feb 26, 2022 · Updated 4 years ago
Alternatives and similar repositories for windows-ps-callbacks-experiments
Users that are interested in windows-ps-callbacks-experiments are comparing it to the libraries listed below.
- Windows kernel security and driver development code ☆12 · Apr 4, 2020 · Updated 5 years ago
- ☆17 · Oct 31, 2022 · Updated 3 years ago
- Artemis - C++ Hell's Gate Syscall Implementation ☆34 · Aug 16, 2023 · Updated 2 years ago
- ☆25 · May 21, 2021 · Updated 4 years ago
- A POC for Windows Extension Host hooking ☆24 · Jul 13, 2019 · Updated 6 years ago
- Minifilter Callback Patching Proof-of-Concept ☆74 · Oct 31, 2022 · Updated 3 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆587 · Jan 24, 2023 · Updated 3 years ago
- Persistence techniques for Windows. ☆19 · Jun 26, 2023 · Updated 2 years ago
- Hooking Heavens Gate in a weekend ☆13 · Jan 1, 2022 · Updated 4 years ago
- ☆33 · Dec 22, 2020 · Updated 5 years ago
- Silence EDRs by removing kernel callbacks ☆238 · Dec 7, 2020 · Updated 5 years ago
- ☆61 · Aug 21, 2023 · Updated 2 years ago
- Security product hook detection ☆327 · Mar 30, 2021 · Updated 4 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF) ☆115 · May 21, 2023 · Updated 2 years ago
- Get your data from the resource section manually, with no need for Windows APIs ☆67 · Oct 22, 2024 · Updated last year
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess) ☆559 · Apr 8, 2025 · Updated 11 months ago
- Demo to show how to write an ALPC Client & Server using native Ntdll.dll syscalls. ☆21 · Jan 25, 2022 · Updated 4 years ago
- Piece of code to detect and remove hooks in IAT ☆65 · May 30, 2022 · Updated 3 years ago
- The code is a pingback to the Dark Vortex blog: ☆186 · Jan 26, 2023 · Updated 3 years ago
- ☆511 · Aug 14, 2022 · Updated 3 years ago
- Dump the memory of any PPL with a Userland exploit chain ☆352 · Mar 17, 2023 · Updated 3 years ago
- ☆29 · Sep 17, 2024 · Updated last year
- Learn Winapi in this repo with examples, to understand its abstraction in reverse engineering for Windows. ☆11 · Aug 8, 2022 · Updated 3 years ago
- ☆138 · Aug 2, 2022 · Updated 3 years ago
- Research revolving around the Windows Filtering Platform callout mechanism ☆39 · May 26, 2024 · Updated last year
- Enumerate various traits from Windows processes as an aid to threat hunting ☆202 · Jan 13, 2022 · Updated 4 years ago
- ☆156 · Jul 31, 2022 · Updated 3 years ago
- Run Processes as PPL with ELAM ☆177 · Mar 17, 2022 · Updated 4 years ago
- Nice try reading NTDLL from disk, nerd. ☆19 · Apr 18, 2022 · Updated 3 years ago
- DTrace for Windows in userspace; Frontend to ETW ☆27 · Oct 4, 2022 · Updated 3 years ago
- Async Rust support for the reverse-engineered Crowdstrike Falcon protocol between the Sensor and cloud services ☆17 · Mar 10, 2023 · Updated 3 years ago
- The modified cJSON that can run on the Windows kernel ☆15 · Mar 21, 2023 · Updated 3 years ago
- Code Integrity Violation Spotter ☆17 · Jun 11, 2024 · Updated last year
- A repository filled with ideas to break/detect direct syscall techniques ☆26 · Apr 21, 2022 · Updated 3 years ago
- A command-line RPC method enumerator, born out of RPCView's awesomeness ☆108 · Jul 31, 2019 · Updated 6 years ago
- ☆14 · Sep 22, 2023 · Updated 2 years ago
- ☆17 · Apr 18, 2023 · Updated 2 years ago
- Hijack NotifyRoutine for a kernelmode thread ☆41 · Jun 4, 2022 · Updated 3 years ago
- Local privilege escalation PoC exploit for CVE-2019-16098 ☆201 · Sep 13, 2019 · Updated 6 years ago