Intel 64/Windows low-level experiments
☆63Aug 25, 2025Updated 6 months ago
Alternatives and similar repositories for EVENSTAR
Users that are interested in EVENSTAR are comparing it to the libraries listed below
Sorting:
- Mentally ill EtwTi parser☆69Jan 11, 2026Updated 2 months ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆77Sep 8, 2025Updated 6 months ago
- ntoskrnl .data hooks for UM-KM communication☆54May 26, 2024Updated last year
- List the ETW provider(s) in the registration table of a process.☆80Sep 20, 2023Updated 2 years ago
- Finding Truth in the Shadows☆125Jan 26, 2023Updated 3 years ago
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 8 months ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆95Jul 7, 2025Updated 8 months ago
- A service container for interacting with SRA's VECTR☆16Apr 9, 2025Updated 11 months ago
- ☆19Sep 17, 2025Updated 6 months ago
- C++ Assembler with Built-in Mutation Engine☆30Sep 6, 2025Updated 6 months ago
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 2 years ago
- ☆59Feb 19, 2026Updated last month
- Disks for DMA☆145Apr 28, 2021Updated 4 years ago
- binary instrumentation, analysis, and patching framework☆102Feb 20, 2026Updated last month
- Beacon Object File (BOF) for identifying dependent child services of a given parent.☆19Jun 20, 2025Updated 9 months ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Mar 29, 2025Updated 11 months ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆244Sep 26, 2023Updated 2 years ago
- A collection of position independent coding resources☆109Nov 15, 2025Updated 4 months ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- Bypassing kernel patch protection runtime☆22Feb 19, 2023Updated 3 years ago
- x86-64 Automated test data generator☆26Aug 18, 2025Updated 7 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3☆75Jan 3, 2025Updated last year
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking☆438Jun 27, 2025Updated 8 months ago
- Shellcode Loader using indirect syscalls☆16Jan 21, 2024Updated 2 years ago
- Reverse SSH C2☆35Sep 19, 2025Updated 6 months ago
- ☆128Dec 12, 2025Updated 3 months ago
- GenZ Shellcode Generator to execute commands with winExec API☆22Apr 27, 2025Updated 10 months ago
- ☆15Sep 24, 2012Updated 13 years ago
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 4 months ago
- ☆110Feb 17, 2025Updated last year
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…☆22Jul 6, 2024Updated last year
- Call Stack Spoofing for Rust☆212Jan 28, 2026Updated last month
- Undocumented MSVC☆45Nov 10, 2025Updated 4 months ago
- minimal hypervisor for aarch64 (WIP)☆31Nov 29, 2025Updated 3 months ago
- Self-mutating macOS implant☆125Updated this week
- Repository for the DEF CON 33 talk: Kill Chain Reloaded☆81Aug 3, 2025Updated 7 months ago
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆42Aug 6, 2024Updated last year
- Implementing AES 256 CBC in AES-NI - MASM Format☆19Aug 9, 2025Updated 7 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.☆55May 12, 2025Updated 10 months ago