xsh3llsh0ck / PicoHookView external linksLinks
Small driver that uses alternative syscalls feature (the project is still under development).
☆18May 9, 2024Updated last year
Alternatives and similar repositories for PicoHook
Users that are interested in PicoHook are comparing it to the libraries listed below
Sorting:
- Tool to dump EFI runtime drivers.☆39Feb 23, 2024Updated last year
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.☆118Oct 15, 2024Updated last year
- Hotkey-based keylogger for Windows☆32Oct 17, 2024Updated last year
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…☆22Jul 6, 2024Updated last year
- Resolve offsets, gadgets and symbols from NTKernel☆56Jan 15, 2026Updated last month
- ☆11Sep 30, 2023Updated 2 years ago
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress☆21Jul 9, 2022Updated 3 years ago
- Another UEFI runtime bootkit☆36May 8, 2023Updated 2 years ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆42Oct 11, 2025Updated 4 months ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆53Dec 30, 2025Updated last month
- windows kernel pagehook☆41Oct 30, 2022Updated 3 years ago
- Some basic UEFI definitions and symbols exactly as definied by the UEFI spec, in the form of C++ headers to be used for writing C++ UEFI …☆14Sep 11, 2022Updated 3 years ago
- Simple anti-instrumentation with EFLAGS.AC☆17Mar 31, 2025Updated 10 months ago
- ☆18Mar 1, 2021Updated 4 years ago
- Multi-Layer Automata-Based Encryption strings☆25Jul 9, 2024Updated last year
- Fuzzing Harness and Unpatched Crash Results from Fuzzing Defender MpEngine☆39Jul 29, 2025Updated 6 months ago
- ☆44Nov 7, 2024Updated last year
- ☆22Feb 19, 2021Updated 4 years ago
- ANY.RUN sandbox detection collection☆23Aug 21, 2024Updated last year
- Library and tools to access the Common Log File System (CLFS)☆25Dec 4, 2025Updated 2 months ago
- Example of using Windows Platform Binary Table (WPBT)☆27Jul 9, 2023Updated 2 years ago
- Outlast Trials C++ cheat, feel free to contribute <3☆14Jun 30, 2024Updated last year
- By manipulating LSASS memory flags like UseLogonCredential and IsCredGuardEnabled, this repo demonstrates how Credential Guard can be byp…☆14May 25, 2025Updated 8 months ago
- Load dll with undocumented functions and debug symbols☆47Jul 20, 2024Updated last year
- Port of zentool to Windows☆27Mar 7, 2025Updated 11 months ago
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)☆142Sep 3, 2023Updated 2 years ago
- Z Anti-Anti-Debugger for Linux☆60Jul 21, 2025Updated 6 months ago
- A BOF port of the research of @thefLinkk and @codewhitesec☆100Oct 12, 2021Updated 4 years ago
- ☆29Mar 9, 2024Updated last year
- Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)☆57Jun 15, 2025Updated 8 months ago
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP☆60Oct 19, 2024Updated last year
- Instrumenting a binary without source code to bypass anti-debug checks☆38Sep 25, 2021Updated 4 years ago
- Abusing exceptions for code execution.☆113Jan 30, 2023Updated 3 years ago
- Bin2Wrong: a Unified Fuzzing Framework for Uncovering Semantic Errors in Binary-to-C Decompilers☆59May 20, 2025Updated 8 months ago
- A small tool for rapid enumeration of CPUID, and MSR fields.☆32Jan 30, 2024Updated 2 years ago
- Header-only C++ library for producing PE files.☆34Jun 17, 2023Updated 2 years ago
- ☆34Apr 11, 2023Updated 2 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Sep 15, 2023Updated 2 years ago
- My notes while studying Windows exploitation☆193Jul 25, 2023Updated 2 years ago