void-stack / Hypervisor-Detection
Detects virtual machines and malware analysis environments
☆119Updated 2 years ago
Alternatives and similar repositories for Hypervisor-Detection:
Users that are interested in Hypervisor-Detection are comparing it to the libraries listed below
- ☆122Updated last year
- DSE & PG bypass via BYOVD attack☆44Updated 11 months ago
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)☆54Updated last year
- PoC Anti-Rootkit/Anti-Cheat Driver.☆184Updated 6 months ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆117Updated last year
- Unknowncheats Magically Optimized Tidy Mapper using nvaudio☆117Updated 9 months ago
- manual map unsigned driver over signed memory☆186Updated 11 months ago
- An x86-64 code virtualizer for VM based obfuscation☆109Updated 3 months ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated last year
- Kernel driver for detecting Intel VT-x hypervisors.☆178Updated last year
- Inline syscalls made for MSVC supporting x64 and WOW64☆178Updated last year
- A simple tool to assemble shellcode ready to be copy-pasted into code☆68Updated 2 years ago
- Experiment with PAGE_GUARD protection to hide memory from other processes☆44Updated 9 months ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆167Updated last year
- A devirtualization engine for Themida.☆97Updated last year
- Example of reading process memory through kernel special APC☆103Updated last year
- CVE-2022-3699 with arbitrary kernel code execution capability☆69Updated 2 years ago
- Hooking Windows' exception dispatcher to protect process's PML4☆155Updated 2 months ago
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys☆142Updated 9 months ago
- A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy☆84Updated last year
- ☆73Updated 11 months ago
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.☆112Updated 3 years ago
- Bypassing PatchGuard on modern x64 systems☆254Updated last year
- ☆128Updated 2 years ago
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.☆82Updated 5 months ago
- x64 Windows kernel driver mapper, inject unsigned driver using anycall☆143Updated last year
- Windows PDB parser for kernel-mode environment.☆95Updated 2 years ago
- ☆198Updated 2 years ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆197Updated 5 months ago
- Using Windows' own bootloader as a shim to bypass Secure Boot☆168Updated 8 months ago