zodiacon / ApiSetView
API Set Viewer
☆84Updated 4 years ago
Related projects
Alternatives and complementary repositories for ApiSetView
- Run Processes as PPL with ELAM☆146Updated 2 years ago
- ☆61Updated 9 months ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 3 years ago
- Local OXID Resolver (LCLOR) : Research and Tooling☆33Updated 3 years ago
- ☆67Updated last year
- The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent …☆36Updated 2 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆49Updated last year
- ☆78Updated 2 years ago
- ☆68Updated 2 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆110Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆163Updated last year
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆136Updated 5 years ago
- ☆24Updated last year
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆105Updated 2 years ago
- Example of building an application verifier DLL☆44Updated 5 months ago
- Samples from my book Windows Native API programming☆57Updated 4 months ago
- A WinDbg extension to trace COM interactions☆110Updated 9 months ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- Demos and presentation from SECArmy Village Grayhat 2020☆36Updated last year
- Enumerate various traits from Windows processes as an aid to threat hunting☆183Updated 2 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆83Updated last year
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆92Updated 5 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/☆113Updated 5 years ago
- Run any executable as SYSTEM account (no service required)☆124Updated 6 months ago
- Explore Job Objects on a Windows system☆81Updated 5 years ago
- ☆17Updated 3 years ago
- Some Code Samples for Windows based Inter-Process-Communication (IPC)☆161Updated 8 months ago
- Command line tool to print mitigation flags for running processes in a memory dump☆44Updated 4 years ago
- Minimal PoC developed as discussed in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆125Updated 2 years ago