zer0condition / ZeroHVCI
Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers.
☆193Updated 4 months ago
Alternatives and similar repositories for ZeroHVCI:
Users that are interested in ZeroHVCI are comparing it to the libraries listed below
- Hooking Windows' exception dispatcher to protect process's PML4☆155Updated 2 months ago
- Using Windows' own bootloader as a shim to bypass Secure Boot☆165Updated 8 months ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆117Updated last year
- DSE & PG bypass via BYOVD attack☆43Updated 11 months ago
- ☆155Updated 2 weeks ago
- manual map unsigned driver over signed memory☆186Updated 11 months ago
- PoC Anti-Rootkit/Anti-Cheat Driver.☆184Updated 6 months ago
- ☆268Updated last week
- Collection of hypervisor detections☆225Updated 5 months ago
- An x86-64 Code Virtualizer☆245Updated 5 months ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated last year
- Demo proof of concept for shadow regions, and implementation of HyperDeceit.☆276Updated last year
- State of the art DLL injector that took 20 minutes to make☆211Updated last year
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.☆82Updated 5 months ago
- Kernel driver for detecting Intel VT-x hypervisors.☆178Updated last year
- Load your driver like win32k.sys☆251Updated 2 years ago
- Bypassing PatchGuard on modern x64 systems☆254Updated last year
- load unsigned kernel-driver by patching dse in 248 lines☆114Updated last year
- Inline syscalls made for MSVC supporting x64 and WOW64☆178Updated last year
- Debugger Anti-Detection Benchmark☆323Updated last year
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆167Updated last year
- Browse Page Tables on Windows (Page Table Viewer)☆196Updated 2 years ago
- compile-time control flow obfuscation using mba☆181Updated last year
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys☆142Updated 9 months ago
- C++ macro for x64 programs that breaks ida hex-rays decompiler tool.☆100Updated 11 months ago
- Reverse engineering winapi function loadlibrary.☆187Updated last year
- nmi stackwalking + module verification☆107Updated last year
- Unknowncheats Magically Optimized Tidy Mapper using nvaudio☆117Updated 9 months ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆244Updated 2 years ago
- An x86-64 code virtualizer for VM based obfuscation☆109Updated 3 months ago