Small driver that uses alternative syscalls feature
☆18 · May 9, 2024 · Updated last year
Alternatives and similar repositories for PicoHook
Users that are interested in PicoHook are comparing it to the libraries listed below
- Tool to dump EFI runtime drivers. ☆39 · Feb 23, 2024 · Updated 2 years ago
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication. ☆119 · Oct 15, 2024 · Updated last year
- Hotkey-based keylogger for Windows ☆33 · Oct 17, 2024 · Updated last year
- ☆11 · Sep 30, 2023 · Updated 2 years ago
- Resolve offsets, gadgets and symbols from NTKernel ☆56 · Jan 15, 2026 · Updated last month
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuses KeServiceDescriptorTable(SSDT), persistence a… ☆22 · Jul 6, 2024 · Updated last year
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress ☆21 · Jul 9, 2022 · Updated 3 years ago
- Another UEFI runtime bootkit ☆37 · May 8, 2023 · Updated 2 years ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution ☆44 · Oct 11, 2025 · Updated 4 months ago
- windows kernel pagehook ☆42 · Oct 30, 2022 · Updated 3 years ago
- Simple anti-instrumentation with EFLAGS.AC ☆17 · Mar 31, 2025 · Updated 11 months ago
- Some basic UEFI definitions and symbols exactly as defined by the UEFI spec, in the form of C++ headers to be used for writing C++ UEFI … ☆14 · Sep 11, 2022 · Updated 3 years ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in … ☆55 · Dec 30, 2025 · Updated 2 months ago
- Multi-Layer Automata-Based Encryption strings ☆25 · Jul 9, 2024 · Updated last year
- ☆18 · Mar 1, 2021 · Updated 5 years ago
- ☆21 · Feb 19, 2021 · Updated 5 years ago
- Fuzzing Harness and Unpatched Crash Results from Fuzzing Defender MpEngine ☆41 · Jul 29, 2025 · Updated 7 months ago
- ☆49 · Nov 7, 2024 · Updated last year
- ANY.RUN sandbox detection collection ☆22 · Aug 21, 2024 · Updated last year
- Example of using Windows Platform Binary Table (WPBT) ☆27 · Jul 9, 2023 · Updated 2 years ago
- Library and tools to access the Common Log File System (CLFS) ☆25 · Dec 4, 2025 · Updated 3 months ago
- By manipulating LSASS memory flags like UseLogonCredential and IsCredGuardEnabled, this repo demonstrates how Credential Guard can be byp… ☆14 · May 25, 2025 · Updated 9 months ago
- Outlast Trials C++ cheat, feel free to contribute <3 ☆14 · Jun 30, 2024 · Updated last year
- Load dll with undocumented functions and debug symbols ☆47 · Jul 20, 2024 · Updated last year
- Port of zentool to Windows ☆27 · Mar 7, 2025 · Updated last year
- Z Anti-Anti-Debugger for Linux ☆60 · Jul 21, 2025 · Updated 7 months ago
- A BOF port of the research of @thefLinkk and @codewhitesec ☆100 · Oct 12, 2021 · Updated 4 years ago
- Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution) ☆56 · Jun 15, 2025 · Updated 8 months ago
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel) ☆153 · Sep 3, 2023 · Updated 2 years ago
- ☆29 · Mar 9, 2024 · Updated 2 years ago
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP ☆61 · Oct 19, 2024 · Updated last year
- Instrumenting a binary without source code to bypass anti-debug checks ☆38 · Sep 25, 2021 · Updated 4 years ago
- Abusing exceptions for code execution. ☆113 · Jan 30, 2023 · Updated 3 years ago
- Bin2Wrong: a Unified Fuzzing Framework for Uncovering Semantic Errors in Binary-to-C Decompilers ☆59 · May 20, 2025 · Updated 9 months ago
- A small tool for rapid enumeration of CPUID, and MSR fields. ☆32 · Jan 30, 2024 · Updated 2 years ago
- ☆34 · Apr 11, 2023 · Updated 2 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class ☆27 · Sep 15, 2023 · Updated 2 years ago
- Header-only C++ library for producing PE files. ☆36 · Jun 17, 2023 · Updated 2 years ago
- My notes while studying Windows exploitation ☆193 · Jul 25, 2023 · Updated 2 years ago