☆25Dec 16, 2024Updated last year
Alternatives and similar repositories for WTF-WFP
Users that are interested in WTF-WFP are comparing it to the libraries listed below
Sorting:
- ☆14Sep 22, 2023Updated 2 years ago
- ☆12Jun 30, 2019Updated 6 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- ☆18Mar 28, 2023Updated 2 years ago
- An IOC framework written in PowerShell☆19Jan 3, 2017Updated 9 years ago
- Async rust support for the reverse-engineered Crowdstrike Falcon protocol between the Sensor and cloud services☆17Mar 10, 2023Updated 2 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- .lib file for linking against the NT CRT☆19Mar 18, 2022Updated 3 years ago
- ☆25Dec 3, 2024Updated last year
- Source files for my posts☆17Jun 20, 2023Updated 2 years ago
- Companion content for my 'Fun with Office Macros' webcast.☆25Apr 18, 2024Updated last year
- Experimental Windows .text section Patch Detector☆22Jan 26, 2015Updated 11 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- Specialized tool to dump Position Independent Code.☆22Aug 4, 2020Updated 5 years ago
- An advanced DKOM for drivers with "DRIVER_OBJECT"☆22Feb 19, 2023Updated 3 years ago
- HackSysExtremeVulnerableDriver exploits for latest Windows 10 version☆26Jan 13, 2026Updated last month
- Bypassing kernel patch protection runtime☆22Feb 19, 2023Updated 3 years ago
- Google Chrome Use After Free☆61May 23, 2022Updated 3 years ago
- Executes shellcode from a remote server and aims to evade in-memory scanners☆32Nov 17, 2019Updated 6 years ago
- Automated environment setup for Bootkit & Rootkit development.☆36Aug 9, 2025Updated 6 months ago
- anti-ransomware file-system filter☆69Sep 3, 2024Updated last year
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…☆157Nov 23, 2025Updated 3 months ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- A simple Linux in-memory .so loader☆33Mar 29, 2023Updated 2 years ago
- x86 and x64 assembly "read-eval-print loop" for Windows☆35Aug 13, 2017Updated 8 years ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆77Sep 8, 2025Updated 5 months ago
- A PoC tool for exploiting leaked process and thread handles☆32Feb 13, 2024Updated 2 years ago
- Dell Driver EoP (CVE-2021-21551)☆32Feb 24, 2022Updated 4 years ago
- Mapping your code on a 0x1000 size page☆71May 20, 2022Updated 3 years ago
- This is a repository that is meant to hold detections for various process injection techniques.☆34Mar 3, 2020Updated 6 years ago
- Active Directory certificate abuse☆43Oct 9, 2022Updated 3 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆88May 17, 2023Updated 2 years ago
- 💻 Windows 10 Kernel-mode rootkit☆32Sep 3, 2022Updated 3 years ago
- Unifi Controller API for PowerShell☆90Jun 28, 2024Updated last year
- Tool to dump EFI runtime drivers.☆39Feb 23, 2024Updated 2 years ago
- ☆90Jun 2, 2024Updated last year
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆41Sep 23, 2021Updated 4 years ago
- NT AUTHORITY\SYSTEM☆43Jul 8, 2020Updated 5 years ago
- Exploit POC for CVE-2024-36877☆48Aug 14, 2024Updated last year