vmctx / guardian-rs

Related projects: ⓘ

• cursey / x64-virtualizer-rs
  x86-64 virtualizing obfuscator written in Rust
  ☆57Updated 10 months ago
• SamuelTulach / memhv
  Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities
  ☆168Updated 3 months ago
• Xyrem / Yumekage
  Demo proof of concept for shadow regions, and implementation of HyperDeceit.
  ☆260Updated last year
• jonomango / nohv
  Kernel driver for detecting Intel VT-x hypervisors.
  ☆167Updated last year
• Deputation / instrumentation_callbacks
  A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.
  ☆111Updated 2 years ago
• ThatLing / limba
  compile-time control flow obfuscation using mba
  ☆172Updated last year
• hfiref0x / WubbabooMark
  Debugger Anti-Detection Benchmark
  ☆283Updated 9 months ago
• memN0ps / illusion-rs
  Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
  ☆222Updated 2 weeks ago
• sodareverse / TDE
  A devirtualization engine for Themida.
  ☆81Updated 6 months ago
• VollRagm / PTView
  Browse Page Tables on Windows (Page Table Viewer)
  ☆178Updated 2 years ago
• mike1k / pepp
  C++ library for parsing and manipulating PE files statically and dynamically.
  ☆82Updated 11 months ago
• notpidgey / EagleVM
  Native code virtualizer for x64 binaries
  ☆355Updated this week
• thesecretclub / callout-poc
  ☆135Updated 3 years ago
• NaC-L / Mergen
  Deobfuscation via optimization with usage of LLVM IR and parsing assembly.
  ☆308Updated last week
• MellowNight / AetherVisor
  Memory hacking library powered by AMD SVM
  ☆290Updated last year
• nelfo / Milfuscator
  x86 PE Mutator
  ☆211Updated last year
• thesecretclub / SandboxBootkit
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆251Updated 2 years ago
• emlinhax / dse_hook
  load unsigned kernel-driver by patching dse in 248 lines
  ☆96Updated 5 months ago
• kkent030315 / anycall
  x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
  ☆214Updated 2 years ago
• zer0condition / ZeroHVCI
  Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…
  ☆151Updated 2 months ago
• backengineering / llvm-msvc
  [WIP] A forked version of LLVM that prioritizes MSVC compatibility. This version is tailored for Windows users.
  ☆200Updated this week
• mrexodia / AppInitHook
  Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary pr…
  ☆156Updated 2 years ago
• SamuelTulach / RwxMeme
  State of the art DLL injector that took 20 minutes to make
  ☆195Updated last year
• Deputation / hygieia
  Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.
  ☆133Updated 2 years ago
• Oliver-1-1 / GhostMapper
  ☆212Updated last week
• Vasie1337 / Kernel-Anticheat
  Check your detection vectors
  ☆132Updated last year
• gmh5225 / CallMeWin32kDriver
  Load your driver like win32k.sys
  ☆242Updated 2 years ago
• st4ckh0und / AntiOreans-CodeDevirtualizer
  ☆137Updated this week
• mibho / x64dbg-vmp-trace
  unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…
  ☆49Updated 7 months ago
• archercreat / vm_jit
  VM devirtualization PoC based on AsmJit and llvm
  ☆102Updated 3 years ago