void-stack / Hypervisor-Detection
Detects virtual machines and malware analysis environments
☆109Updated last year
Related projects: ⓘ
- manual map unsigned driver over signed memory☆152Updated 5 months ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆140Updated last year
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆100Updated last year
- A simple tool to assemble shellcode ready to be copy-pasted into code☆63Updated 2 years ago
- Using Windows' own bootloader as a shim to bypass Secure Boot☆128Updated 2 months ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆172Updated last year
- State of the art DLL injector that took 20 minutes to make☆195Updated last year
- ☆114Updated 11 months ago
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys☆117Updated 3 months ago
- Unknowncheats Magically Optimized Tidy Mapper using nvaudio☆91Updated 3 months ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.☆133Updated 2 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆111Updated 2 years ago
- DSE & PG bypass via BYOVD attack☆34Updated 5 months ago
- ☆33Updated this week
- load unsigned kernel-driver by patching dse in 248 lines☆96Updated 5 months ago
- x64 Windows kernel driver mapper, inject unsigned driver using anycall☆103Updated 7 months ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆150Updated last year
- Bypassing PatchGuard on modern x64 systems☆238Updated last year
- Kernel driver for detecting Intel VT-x hypervisors.☆167Updated last year
- Crashes ida on static analyses.☆86Updated 3 weeks ago
- VMProtect, VMP, Devirter, 3,5☆103Updated last year
- ☆212Updated last week
- A mapper that maps shellcode into loaded large page drivers☆215Updated 2 years ago
- Obfuscate calls to imports by patching in stubs☆58Updated 3 years ago
- TS-Changer - Forces the machine in/out of TestSigning Mode at runtime.☆58Updated last year
- ☆63Updated 4 months ago
- ☆145Updated 3 months ago
- CVE-2022-3699 with arbitrary kernel code execution capability☆70Updated last year
- Use RTCore64 to map your driver on windows 11.☆90Updated 5 months ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆151Updated 2 months ago