zodiacon / MalDevWorkshopWebinar
Demo from the Malware Analysis and Development Webinar
☆20Updated 11 months ago
Alternatives and similar repositories for MalDevWorkshopWebinar:
Users that are interested in MalDevWorkshopWebinar are comparing it to the libraries listed below
- Remote Thread Detection with a Kernel Driver☆29Updated 2 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆98Updated last year
- Next gen process injection technique☆45Updated 4 years ago
- ☆37Updated last month
- Reimplementation of the KExecDD DSE bypass technique.☆47Updated 6 months ago
- Finding Truth in the Shadows☆89Updated 2 years ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆30Updated 9 months ago
- SetWinEventHook Sample☆46Updated last year
- Example of building an application verifer DLL☆45Updated 10 months ago
- An improved version of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆34Updated this week
- Callstack spoofing using a VEH because VEH all the things.☆19Updated 2 weeks ago
- List the ETW provider(s) in the registration table of a process.☆57Updated last year
- Piece of code to detect and remove hooks in IAT☆63Updated 2 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆73Updated last year
- a demo module for the kaine agent to execute and inject assembly modules☆38Updated 7 months ago
- Research of modifying exported function names at runtime (C/C++, Windows)☆17Updated 10 months ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…☆62Updated last year
- Minifilter Callback Patching Proof-of-Concept☆67Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- ☆23Updated last week
- ☆84Updated 10 months ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated last year
- HEVD Exploit: ArbitraryWrite on Windows 10 22H2 - Bypassing KVA Shadow and SMEP via PML4 Entry Manipulation☆24Updated 8 months ago
- Enabled / Disable LSA Protection via BYOVD☆66Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆84Updated 2 years ago
- ☆85Updated 7 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆25Updated 10 months ago
- shell code example☆33Updated 3 weeks ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated last year
- In-memory hiding technique☆47Updated 2 months ago