Demonstrate calling a kernel function and handle process creation callback against HVCI
☆84Dec 21, 2022Updated 3 years ago
Alternatives and similar repositories for malk
Users that are interested in malk are comparing it to the libraries listed below
Sorting:
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- ☆29Mar 9, 2024Updated last year
- Bypassing kernel patch protection runtime☆22Feb 19, 2023Updated 3 years ago
- Hooking Windows' exception dispatcher to protect process's PML4☆228Jan 24, 2025Updated last year
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- ☆18Mar 28, 2023Updated 2 years ago
- Bypassing PatchGuard on modern x64 systems☆265Apr 9, 2023Updated 2 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆486May 18, 2021Updated 4 years ago
- Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications☆22Mar 28, 2025Updated 11 months ago
- it's a driver injector or driver loader header lib(Windows)☆12Aug 5, 2023Updated 2 years ago
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…☆22Jul 6, 2024Updated last year
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- The Windbg extensions to study Hyper-V on Intel and AMD processors.☆171Feb 10, 2026Updated 3 weeks ago
- Research on Windows Kernel Executive Callback Objects☆316Feb 22, 2020Updated 6 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆269Aug 31, 2022Updated 3 years ago
- ☆23May 8, 2023Updated 2 years ago
- base for testing☆187Sep 28, 2024Updated last year
- An advanced DKOM for drivers with "DRIVER_OBJECT"☆22Feb 19, 2023Updated 3 years ago
- ☆71Feb 6, 2025Updated last year
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆249Jul 9, 2024Updated last year
- ☆194Jul 29, 2024Updated last year
- Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No …☆23Jun 16, 2024Updated last year
- Browse Page Tables on Windows (Page Table Viewer)☆234Apr 2, 2022Updated 3 years ago
- ☆69Aug 31, 2021Updated 4 years ago
- A library to assist with memory & code protection.☆66Mar 7, 2024Updated last year
- Rookit and anti rookit on Windows platform☆14Apr 30, 2024Updated last year
- Exploiting the KsecDD Windows driver through Server Silos☆77Nov 11, 2024Updated last year
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- Infect Shared Files In Memory for Lateral Movement☆193Dec 14, 2022Updated 3 years ago
- HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…☆379Jun 3, 2023Updated 2 years ago
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 3 years ago
- A small tool for rapid enumeration of CPUID, and MSR fields.☆32Jan 30, 2024Updated 2 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn☆365Aug 18, 2022Updated 3 years ago
- Using NtCreateFile and NtDeviceIoControlFile to realize the function of winsock(利用NtCreateFile和NtDeviceIoControlFile 实现winsock的功能)☆128Sep 9, 2022Updated 3 years ago
- Tool to dump EFI runtime drivers.☆39Feb 23, 2024Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆243Jul 7, 2021Updated 4 years ago
- Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…☆173Apr 27, 2023Updated 2 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆159Apr 13, 2023Updated 2 years ago