unkbyte / measured_boot_pocLinks
Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications
☆19Updated 6 months ago
Alternatives and similar repositories for measured_boot_poc
Users that are interested in measured_boot_poc are comparing it to the libraries listed below
Sorting:
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆73Updated 2 years ago
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆36Updated last year
- A set of LLVM and GCC based plugins that perform code obfuscation.☆130Updated last month
- Finding Truth in the Shadows☆116Updated 2 years ago
- Example of building an application verifer DLL☆49Updated last year
- A VMWare logger using built-in backdoor.☆29Updated 11 months ago
- Detours implementation (x64/x86) which used only ntdll import☆90Updated last year
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆43Updated 10 months ago
- Rust implementation of lazy_importer☆57Updated 2 years ago
- An improved version of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆72Updated 6 months ago
- ☆22Updated 2 years ago
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆31Updated 3 years ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆48Updated 3 weeks ago
- Intel 64/Windows low-level experiments☆62Updated last month
- x86-64 virtualizing obfuscator written in Rust☆78Updated last year
- Rust bindings for VMProtect.☆26Updated last year
- ☆11Updated 3 years ago
- kASLR bypass technique on Intel CPUs.☆30Updated 4 months ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆68Updated 5 months ago
- Signature finder (from PE-bear)☆39Updated last month
- ☆50Updated 2 months ago
- PDB Rewriting Rust Library☆25Updated last year
- Minimalistic Windows Kernel Allocator.☆49Updated last year
- rekk is set of tools written in Rust to obfuscate ELF & PE executables with nanomites.☆32Updated 9 months ago
- Generate a PDB file given the old PDB file and an address mapping☆49Updated 2 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆79Updated 3 months ago
- A minimalistic logger for Windows Kernel Drivers.☆25Updated last year
- Exploiting the KsecDD Windows driver through Server Silos☆74Updated 10 months ago
- Me fockin' pe protector☆45Updated 2 years ago
- Easy encrypt/decrypt data with TPM☆25Updated last year