Files for http://blog.deniable.org/posts/windows-callbacks/
☆77Feb 26, 2022Updated 4 years ago
Alternatives and similar repositories for windows-ps-callbacks-experiments
Users that are interested in windows-ps-callbacks-experiments are comparing it to the libraries listed below
- Windows kernel security and driver development code☆12Apr 4, 2020Updated 5 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- Artemis - C++ Hell's Gate Syscall Implementation☆34Aug 16, 2023Updated 2 years ago
- ☆33Dec 22, 2020Updated 5 years ago
- ☆25May 21, 2021Updated 4 years ago
- ☆17Oct 31, 2022Updated 3 years ago
- Learn Winapi in this Repo with examples, to understand its abstraction in reverse engineering for Windows.☆11Aug 8, 2022Updated 3 years ago
- A POC for Windows Extension Host hooking☆24Jul 13, 2019Updated 6 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆588Jan 24, 2023Updated 3 years ago
- Minifilter Callback Patching Proof-of-Concept☆74Oct 31, 2022Updated 3 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- Dump the memory of any PPL with a Userland exploit chain☆350Mar 17, 2023Updated 2 years ago
- Run Processes as PPL with ELAM☆177Mar 17, 2022Updated 3 years ago
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- ☆61Aug 21, 2023Updated 2 years ago
- ☆29Sep 17, 2024Updated last year
- Security product hook detection☆327Mar 30, 2021Updated 4 years ago
- Open-source EDR kernel-component for system monitoring and DLL injection☆33Nov 14, 2020Updated 5 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- Research revolving around the Windows Filtering Platform callout mechanism☆39May 26, 2024Updated last year
- Piece of code to detect and remove hooks in IAT☆65May 30, 2022Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- ☆137Aug 2, 2022Updated 3 years ago
- ☆505Aug 14, 2022Updated 3 years ago
- ☆17Apr 18, 2023Updated 2 years ago
- Code Integrity Violation Spotter☆17Jun 11, 2024Updated last year
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago
- ☆153Jul 31, 2022Updated 3 years ago
- A command-line RPC method enumerator, born out of RPCView's awesomeness☆108Jul 31, 2019Updated 6 years ago
- Bypassing PatchGuard on modern x64 systems☆265Apr 9, 2023Updated 2 years ago
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- Async rust support for the reverse-engineered Crowdstrike Falcon protocol between the Sensor and cloud services☆17Mar 10, 2023Updated 2 years ago
- CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM☆163Dec 24, 2022Updated 3 years ago
- DTrace for Windows in userspace; Frontend to ETW☆27Oct 4, 2022Updated 3 years ago
- Persistence techniques for windows.☆19Jun 26, 2023Updated 2 years ago