yardenshafir / cet-research
A collection of tools, source code, and papers researching Windows' implementation of CET.
☆78Updated 4 years ago
Alternatives and similar repositories for cet-research:
Users that are interested in cet-research are comparing it to the libraries listed below
- clone of armadillo patched for windows☆46Updated 3 months ago
- A research project about Windows notify routines.☆35Updated 4 years ago
- Documenting system information classes and their uses☆50Updated 3 years ago
- ☆43Updated 3 years ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system☆54Updated 3 years ago
- Resolve DOS MZ executable symbols at runtime☆96Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆69Updated last year
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Updated 4 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆50Updated 4 years ago
- The Windbg extension that implements commands helpful to study Hyper-V on Intel processors.☆134Updated last month
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆34Updated 3 years ago
- Helper idapython code for reversing kmdf drivers☆72Updated 2 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Enumerate user mode shared memory mappings on Windows.☆117Updated 4 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆75Updated 7 months ago
- Command like tool to print mitigation flags for running processes in a memory dump☆46Updated 4 years ago
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).☆88Updated 3 years ago
- ☆45Updated 4 years ago
- AMD SVM hypervisor rootkit proof of concept☆44Updated last year
- ☆141Updated last year
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆35Updated 7 months ago
- vdk is a set of utilities used to help with exploitation of a vulnerable driver.☆39Updated 2 years ago
- Collection of obfuscation, tamper-proofing, and watermarking algorithms targeting LLVM IR.☆71Updated 5 years ago
- Local OXID Resolver (LCLOR) : Research and Tooling☆34Updated 3 years ago
- Tools made for my Hyper-V blog series @ https://foxhex0ne.blogspot.com/☆55Updated 4 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆58Updated 5 months ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆53Updated 5 years ago
- Hyper-V related resources☆30Updated 10 months ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆54Updated 5 months ago
- A code parser for C-Style header files that lets you to parse function's prototypes and data types used in their parameters.☆93Updated 2 years ago