Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.
☆73 · Mar 16, 2026 · Updated this week
Alternatives and similar repositories for NTMemory
Users that are interested in NTMemory are comparing it to the libraries listed below
- POC Windows kernel driver that spoofs threads for NMI callbacks on x86-64. ☆24 · Mar 30, 2025 · Updated 11 months ago
- A demonstration of hooking into the VMProtect-2 virtual machine ☆24 · Nov 9, 2023 · Updated 2 years ago
- public index of IDA Pro plugins ☆25 · Updated this week
- x86-64 Automated test data generator ☆26 · Aug 18, 2025 · Updated 7 months ago
- Crystal Palace library for proxying Nt API calls via the Threadpool ☆101 · Oct 18, 2025 · Updated 5 months ago
- Bof of RegPwn by MDSec ☆72 · Updated this week
- A simple DLL that can intercept HID messages and pass them on to the real HID DLL, while logging the data. ☆23 · Oct 3, 2014 · Updated 11 years ago
- ☆15 · May 2, 2024 · Updated last year
- Bypass user-land hooks by syscall tampering via the Trap Flag ☆139 · Aug 25, 2025 · Updated 6 months ago
- Very easy to use pdb parsing library with only one header file. You can use it even if you are a fool. ☆10 · Feb 12, 2026 · Updated last month
- Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys) ☆95 · Oct 26, 2025 · Updated 4 months ago
- Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan … ☆207 · Dec 8, 2025 · Updated 3 months ago
- ☆71 · Jan 1, 2026 · Updated 2 months ago
- A scanner for the FortiNet vulnerability CVE-2025-64446 ☆30 · Nov 18, 2025 · Updated 4 months ago
- A utility to download PDB files associated with a Portable Executable (PE). ☆15 · Feb 18, 2025 · Updated last year
- Abusing DDMA alongside Copy On Write for Cross Process Code Execution for a 3000$ Bug Bounty ☆91 · Feb 1, 2026 · Updated last month
- Deobfuscation and Analysis of Ring-1.io ☆79 · Feb 7, 2026 · Updated last month
- A small experiment on assigning a process's threads a specific CPU and then blocking it with a high priority thread ☆32 · Sep 24, 2025 · Updated 5 months ago
- A Python tool to generate an Excel file linking the list of cracked accounts and their LDAP attributes. ☆12 · Jan 31, 2025 · Updated last year
- cr3 shuffle driver ☆80 · Mar 24, 2024 · Updated last year
- Locate DLLs and function addresses without PEB Walk and EAT parsing ☆105 · Nov 7, 2025 · Updated 4 months ago
- open source port/reimplementation of the Cobalt Strike BOF Loader as is ☆69 · Mar 8, 2026 · Updated last week
- A small WinRM client designed for interacting with JEA endpoints. ☆13 · Aug 29, 2024 · Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way. ☆79 · Aug 25, 2025 · Updated 6 months ago
- Network Fuzzing Framework ☆64 · Jan 17, 2026 · Updated 2 months ago
- Optimized software implementation in C of the RC4 encryption algorithm. ☆14 · Mar 4, 2013 · Updated 13 years ago
- Hooking Windows' exception dispatcher to protect process's PML4 ☆233 · Jan 24, 2025 · Updated last year
- The sequel to Voyager ☆100 · Aug 21, 2024 · Updated last year
- A Proof-of-Concept using Cache Smuggling + Exif data to passively download a second stage payload ☆51 · Oct 28, 2025 · Updated 4 months ago
- Self-Loading Registration Free COM Functions ☆11 · Nov 12, 2019 · Updated 6 years ago
- This is an EfiGuard BootLoader that can boot EfiGuard from Usermode with no USB or Setup as a Single Executable with automatic File Dumpi… ☆70 · Sep 27, 2025 · Updated 5 months ago
- CyberShield 2025 Intro to EDR Evasion Class ☆16 · Jun 3, 2025 · Updated 9 months ago
- ☆15 · Mar 28, 2015 · Updated 10 years ago
- Simple mmapper which uses a UEFI runtime driver. ☆83 · Aug 31, 2019 · Updated 6 years ago
- filter driver to hide files and directories ☆25 · Feb 12, 2024 · Updated 2 years ago
- Exploits Intel's signed iqvw64e.sys driver to allow manual mapping and read/writing of memory at a kernel level. ☆13 · Jun 1, 2019 · Updated 6 years ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆78 · Mar 29, 2025 · Updated 11 months ago
- Emulate Drivers in RING3 with self context mapping or unicorn ☆21 · Jan 1, 2025 · Updated last year
- Kernel Level NMI Callback Blocker ☆167 · Sep 27, 2025 · Updated 5 months ago