zodiacon / Recon2023
Recon 2023 slides and code
☆77Updated last year
Related projects: ⓘ
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆105Updated 2 months ago
- masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)☆114Updated last year
- ☆93Updated last week
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆114Updated last year
- ☆103Updated last month
- Aplos an extremely simple fuzzer for Windows binaries.☆66Updated 5 months ago
- ☆102Updated 2 months ago
- ☆70Updated 2 months ago
- WinDbg extension written in Rust to dump the CPU / memory state of a running VM☆110Updated last month
- Windows x64 kernel mode rootkit process hollowing POC.☆180Updated last year
- A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.☆81Updated last year
- Admin to Kernel code execution using the KSecDD driver☆232Updated 5 months ago
- ☆150Updated 4 months ago
- Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book☆86Updated 2 months ago
- C# Utilities for Windows Notification Facility☆122Updated 4 months ago
- MalUnpack companion driver☆92Updated 3 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆61Updated last week
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…☆106Updated 2 weeks ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆91Updated last year
- ☆94Updated 2 years ago
- ☆60Updated 7 months ago
- ☆65Updated last year
- How to set up 2 VirtualBox VM to debug kernel driver using windbg☆50Updated 2 years ago
- A Python script to download PDB files associated with a Portable Executable (PE)☆113Updated 2 months ago
- ☆92Updated this week
- a PE Loader and Windows API tracer. Useful in malware analysis.☆138Updated 2 years ago
- A dynamic unpacking tool☆127Updated last year
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2☆221Updated 2 years ago
- ☆132Updated last month
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆219Updated 11 months ago