"Bypassing" HVCI via donor PFN swaps to modify read-only code pages. Call chained kernel functions (kCET and SLAT support), modify read-only code pages, and more.
☆87 · Feb 14, 2026 · Updated 2 weeks ago
Alternatives and similar repositories for BusterCall
Users that are interested in BusterCall are comparing it to the libraries listed below
- .data ptr swapper for newer win32k versions. (Supports Windows 11) ☆36 · Jan 19, 2026 · Updated last month
- A minimalistic way to spoof return addresses without using exceptions ☆17 · Jul 26, 2022 · Updated 3 years ago
- ☆53 · Mar 26, 2025 · Updated 11 months ago
- Loading and executing shellcode in C# without PInvoke. ☆22 · Jan 10, 2022 · Updated 4 years ago
- Abusing DDMA alongside Copy On Write for Cross Process Code Execution for a 3000$ Bug Bounty ☆88 · Feb 1, 2026 · Updated 3 weeks ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0. ☆73 · Apr 13, 2025 · Updated 10 months ago
- Binary lifter and deobfuscator using remill for x86_64 Windows binaries ☆57 · Updated this week
- reverse engineering of the windows nt kernel debugger protocol & reimplementation. ☆36 · Jul 2, 2024 · Updated last year
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address ☆23 · Nov 22, 2021 · Updated 4 years ago
- mash hypervisor host pml4 ☆17 · Jun 22, 2022 · Updated 3 years ago
- Resolve offsets, gadgets and symbols from NTKernel ☆56 · Jan 15, 2026 · Updated last month
- A better way to write shell code ☆10 · May 28, 2021 · Updated 4 years ago
- Port of Mandiant ShellcodeHashes plugin from IDA to BinaryNinja ☆11 · Jul 24, 2024 · Updated last year
- CVE-2022-3699 with arbitrary kernel code execution capability ☆71 · Dec 27, 2022 · Updated 3 years ago
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev" ☆14 · Mar 31, 2025 · Updated 11 months ago
- ntoskrnl .data hooks for UM-KM communication ☆53 · May 26, 2024 · Updated last year
- A work in progress BOF/COFF loader in Rust ☆50 · Mar 22, 2023 · Updated 2 years ago
- An In-memory Embedding of CPython ☆31 · May 24, 2021 · Updated 4 years ago
- stack based buffer overflow in MsIo64.sys, Proof of Concept Local Privilege Escalation to nt authority/system ☆12 · Jun 7, 2021 · Updated 4 years ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1 ☆76 · Sep 8, 2025 · Updated 5 months ago
- Various reverse engineering work on Windows ☆22 · Feb 21, 2021 · Updated 5 years ago
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP ☆61 · Oct 19, 2024 · Updated last year
- ☆272 · Sep 2, 2025 · Updated 5 months ago
- Using Windows' own bootloader as a shim to bypass Secure Boot ☆225 · Jul 17, 2024 · Updated last year
- Template for UEFI runtime drivers written in Rust with serial logging and debugging support. ☆61 · Oct 9, 2020 · Updated 5 years ago
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication. ☆119 · Oct 15, 2024 · Updated last year
- ☆20 · Mar 15, 2023 · Updated 2 years ago
- Windows kernel ROP-only implant exposing R/W primitives ☆39 · Feb 1, 2026 · Updated 3 weeks ago
- Exploiting the KsecDD Windows driver through Server Silos ☆76 · Nov 11, 2024 · Updated last year
- Jar Protector - Jar Crypter ☆15 · May 18, 2018 · Updated 7 years ago
- Custom KiSystemStartup, can be used to modify the kernel before boot. ☆53 · Apr 7, 2022 · Updated 3 years ago
- BOF for C2 framework ☆44 · Nov 9, 2024 · Updated last year
- Repository of Microsoft Driver Block Lists based off of OS-builds ☆43 · Apr 14, 2024 · Updated last year
- Reports and POCs for CVE-2024-43570 and CVE-2024-43535 ☆29 · Jun 7, 2025 · Updated 8 months ago
- A custom implementation of the Nanomites protection technology for Windows executables (x86 and x64) originally introduced by Silicon Rea… ☆33 · Jan 11, 2026 · Updated last month
- PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph ☆24 · Aug 2, 2025 · Updated 6 months ago
- A persistent Windows Service Proof of Concept, where the Service will run after Restart or Shutdown, and invoke a given software executab… ☆37 · Sep 28, 2023 · Updated 2 years ago
- A high-fidelity x86_64 polymorphic mutation engine focused on instruction-level fragmentation and context preservation. ☆110 · Jan 18, 2026 · Updated last month
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆78 · Mar 29, 2025 · Updated 10 months ago