Intel 64/Windows low-level experiments
☆63Aug 25, 2025Updated 6 months ago
Alternatives and similar repositories for EVENSTAR
Users that are interested in EVENSTAR are comparing it to the libraries listed below
Sorting:
- Mentally ill EtwTi parser☆68Jan 11, 2026Updated last month
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- ntoskrnl .data hooks for UM-KM communication☆54May 26, 2024Updated last year
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆93Jul 7, 2025Updated 7 months ago
- A service container for interacting with SRA's VECTR☆16Apr 9, 2025Updated 10 months ago
- C++ Assembler with Built-in Mutation Engine☆30Sep 6, 2025Updated 5 months ago
- ☆19Sep 17, 2025Updated 5 months ago
- binary instrumentation, analysis, and patching framework☆100Feb 20, 2026Updated last week
- Shellcode Loader using indirect syscalls☆16Jan 21, 2024Updated 2 years ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Mar 29, 2025Updated 11 months ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆242Sep 26, 2023Updated 2 years ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆76Sep 8, 2025Updated 5 months ago
- List the ETW provider(s) in the registration table of a process.☆80Sep 20, 2023Updated 2 years ago
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 7 months ago
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 2 years ago
- Undocumented MSVC☆43Nov 10, 2025Updated 3 months ago
- x86-64 Automated test data generator☆26Aug 18, 2025Updated 6 months ago
- GenZ Shellcode Generator to execute commands with winExec API☆22Apr 27, 2025Updated 10 months ago
- Win32 API Experimental(or Extension) features☆37Nov 18, 2022Updated 3 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆59May 23, 2022Updated 3 years ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- Bypassing kernel patch protection runtime☆22Feb 19, 2023Updated 3 years ago
- Short Python script for parsing Defender VDM signature files.☆10Sep 22, 2024Updated last year
- A wrapper around Windows, calls explicitly the lowest possible calls☆14Jan 19, 2023Updated 3 years ago
- ☆109Oct 29, 2024Updated last year
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking☆436Jun 27, 2025Updated 8 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…☆62May 16, 2025Updated 9 months ago
- Disks for DMA☆141Apr 28, 2021Updated 4 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- Slides for COM Hijacking AV/EDR Talk on 38c3☆75Jan 3, 2025Updated last year
- Repository for the DEF CON 33 talk: Kill Chain Reloaded☆79Aug 3, 2025Updated 6 months ago
- ☆109Feb 17, 2025Updated last year
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 3 months ago
- Self-hosting binary instrumentation framework for security research☆12Apr 10, 2023Updated 2 years ago
- Bypasses AMSI protection through remote memory patching and parsing technique.☆54May 12, 2025Updated 9 months ago
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…☆22Jul 6, 2024Updated last year
- RE for champions☆15Updated this week
- ☆10Oct 1, 2024Updated last year
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago