unkbyte / measured_boot_pocLinks
Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications
☆22Updated 6 months ago
Alternatives and similar repositories for measured_boot_poc
Users that are interested in measured_boot_poc are comparing it to the libraries listed below
Sorting:
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆76Updated 2 years ago
- An improved version of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆72Updated 6 months ago
- Finding Truth in the Shadows☆115Updated 2 years ago
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆44Updated 11 months ago
- Intel 64/Windows low-level experiments☆62Updated 2 months ago
- A set of LLVM and GCC based plugins that perform code obfuscation.☆132Updated last week
- Generate a PDB file given the old PDB file and an address mapping☆49Updated 2 months ago
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆40Updated last year
- Signature finder (from PE-bear)☆38Updated 2 months ago
- Detours implementation (x64/x86) which used only ntdll import☆89Updated last week
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆35Updated 3 years ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆55Updated last month
- x86-64 virtualizing obfuscator written in Rust☆76Updated last year
- Example of building an application verifer DLL☆49Updated last year
- ☆22Updated 2 years ago
- An x64dbg plugin which helps make sense of long C++ symbols☆57Updated 2 years ago
- ☆11Updated 3 years ago
- kASLR bypass technique on Intel CPUs.☆30Updated 5 months ago
- Rust implementation of lazy_importer☆57Updated 2 years ago
- Minimalistic Windows Kernel Allocator.☆49Updated last year
- rekk is set of tools written in Rust to obfuscate ELF & PE executables with nanomites.☆31Updated 10 months ago
- Rust bindings for VMProtect.☆26Updated last year
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆78Updated 4 months ago
- ntoskrnl .data hooks for UM-KM communication☆51Updated last year
- Elevate arbitrary MSR writes to kernel execution.☆38Updated 2 years ago
- ntoskrnl.exe and bootmgfw.efi obfuscated with CodeDefender☆45Updated this week
- Easy encrypt/decrypt data with TPM☆25Updated last year
- SoulExtraction is a windows driver library for extracting cert information in windows drivers☆24Updated 2 years ago
- PDB Rewriting Rust Library☆25Updated last year
- A native Windows library for intercepting kernel-to-user transitions using instrumentation callbacks☆25Updated last year