winterknife / EVENSTARLinks
Intel 64/Windows low-level experiments
☆59Updated 2 weeks ago
Alternatives and similar repositories for EVENSTAR
Users that are interested in EVENSTAR are comparing it to the libraries listed below
Sorting:
- Easy encrypt/decrypt data with TPM☆25Updated last year
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆78Updated last month
- Finding Truth in the Shadows☆110Updated 2 years ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆65Updated 3 months ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆82Updated 3 weeks ago
- ☆49Updated 4 months ago
- A set of LLVM and GCC based plugins that perform code obfuscation.☆126Updated last month
- ☆32Updated last year
- ☆31Updated 5 months ago
- Win32 keylogger that supports all (non-ime using) languages correctly☆50Updated last year
- Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation.☆50Updated 2 months ago
- Mentally ill EtwTi parser☆64Updated last week
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆31Updated 11 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆105Updated 2 years ago
- A few examples of how to trap virtual memory access on Windows.☆32Updated 7 months ago
- An improved version of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆70Updated 4 months ago
- ☆85Updated last year
- ☆71Updated 2 years ago
- Callstack spoofing using a VEH because VEH all the things.☆22Updated 4 months ago
- Exploiting the KsecDD Windows driver through Server Silos☆72Updated 8 months ago
- ☆30Updated 7 months ago
- In-memory hiding technique☆56Updated 6 months ago
- Example of building an application verifer DLL☆50Updated last year
- call gates as stable comunication channel for NT x86 and Linux x86_64☆32Updated last year
- Detours implementation (x64/x86) which used only ntdll import☆90Updated last year
- Reimplementation of the KExecDD DSE bypass technique.☆51Updated 10 months ago
- ☆114Updated 2 years ago
- ☆41Updated 5 months ago
- Enabled / Disable LSA Protection via BYOVD☆71Updated 3 years ago
- Rule Engine for Dynamic Malware Analysis and Research☆25Updated 3 months ago