void-stack / Hypervisor-Detection

Related projects: ⓘ

• 0mWindyBug / GhostMapperUM
  manual map unsigned driver over signed memory
  ☆152Updated 5 months ago
• KameronHawk / Kernel-VAD-Injector
  Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
  ☆140Updated last year
• zer0condition / Demystifying-PatchGuard
  Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…
  ☆100Updated last year
• VollRagm / ShellcodeBakery
  A simple tool to assemble shellcode ready to be copy-pasted into code
  ☆63Updated 2 years ago
• SamuelTulach / PwnedBoot
  Using Windows' own bootloader as a shim to bypass Secure Boot
  ☆128Updated 2 months ago
• nbs32k / inline-syscall
  Inline syscalls made for MSVC supporting x64 and WOW64
  ☆172Updated last year
• SamuelTulach / RwxMeme
  State of the art DLL injector that took 20 minutes to make
  ☆195Updated last year
• Oxygen1a1 / callstack_spoof
  ☆114Updated 11 months ago
• 0mWindyBug / KDP-compatible-driver-loader
  KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys
  ☆117Updated 3 months ago
• MmMapIoSpace / UCMapper
  Unknowncheats Magically Optimized Tidy Mapper using nvaudio
  ☆91Updated 3 months ago
• Deputation / hygieia
  Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.
  ☆133Updated 2 years ago
• Deputation / instrumentation_callbacks
  A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.
  ☆111Updated 2 years ago
• 4l3x777 / dse_pg_bypass
  DSE & PG bypass via BYOVD attack
  ☆34Updated 5 months ago
• Oliver-1-1 / SmmInfect
  ☆33Updated this week
• emlinhax / dse_hook
  load unsigned kernel-driver by patching dse in 248 lines
  ☆96Updated 5 months ago
• kkent030315 / anymapper
  x64 Windows kernel driver mapper, inject unsigned driver using anycall
  ☆103Updated 7 months ago
• zer0condition / ZeroThreadKernel
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆150Updated last year
• AdamOron / PatchGuardBypass
  Bypassing PatchGuard on modern x64 systems
  ☆238Updated last year
• jonomango / nohv
  Kernel driver for detecting Intel VT-x hypervisors.
  ☆167Updated last year
• Azvanzed / IdaMeme
  Crashes ida on static analyses.
  ☆86Updated 3 weeks ago
• sunwm518 / VMProtect-3-5-DEvirt
  VMProtect, VMP, Devirter, 3,5
  ☆103Updated last year
• Oliver-1-1 / GhostMapper
  ☆212Updated last week
• VollRagm / lpmapper
  A mapper that maps shellcode into loaded large page drivers
  ☆215Updated 2 years ago
• mike1k / ImportCallObfuscator
  Obfuscate calls to imports by patching in stubs
  ☆58Updated 3 years ago
• Flerov / TS-Changer
  TS-Changer - Forces the machine in/out of TestSigning Mode at runtime.
  ☆58Updated last year
• Oliver-1-1 / ModuleSpoof
  ☆63Updated 4 months ago
• EBalloon / Rw-No-Attach
  ☆145Updated 3 months ago
• estimated1337 / lenovo_exec
  CVE-2022-3699 with arbitrary kernel code execution capability
  ☆70Updated last year
• oakboat / RTCore64_Vulnerability
  Use RTCore64 to map your driver on windows 11.
  ☆90Updated 5 months ago
• zer0condition / ZeroHVCI
  Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…
  ☆151Updated 2 months ago