zodiacon / eBPFStudioLinks
Work with eBPF on Windows
☆42Updated 5 months ago
Alternatives and similar repositories for eBPFStudio
Users that are interested in eBPFStudio are comparing it to the libraries listed below
Sorting:
- Process Injection via Component Object Model (COM) IRundown::DoCallback().☆60Updated 2 years ago
- Example of building an application verifer DLL☆50Updated last year
- Samples from my book Windows Native API programming☆74Updated 2 months ago
- My try to implement a virtual CPU in C☆19Updated last year
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆64Updated 11 months ago
- Simulate per-process disconnection in red team environments☆77Updated last month
- defender_database☆22Updated last year
- ☆82Updated 3 years ago
- Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones.☆34Updated 3 months ago
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆141Updated 3 years ago
- ☆32Updated last year
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆78Updated last month
- Windows Defender VDM lua collections☆47Updated 2 years ago
- Rust bindings for VMProtect.☆26Updated last year
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering☆41Updated last month
- Call NtCreateUserProcess directly as normal.☆72Updated 3 years ago
- Enabled / Disable LSA Protection via BYOVD☆73Updated 3 years ago
- Collection of DLL function export forwards for DLL export function proxying☆102Updated last year
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆31Updated 3 years ago
- ☆10Updated 2 years ago
- 32 bit process inject shellcode to 32 bit process and 64 bit process☆35Updated 2 years ago
- Finding Truth in the Shadows☆110Updated 2 years ago
- Detours implementation (x64/x86) which used only ntdll import☆90Updated last year
- Hook all callbacks which are registered with LdrRegisterDllNotification☆88Updated 4 months ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆118Updated 2 years ago
- Exploiting the KsecDD Windows driver through Server Silos☆72Updated 8 months ago
- Inject unsigned DLL into Protected Process Light (PPL)☆25Updated 2 months ago
- An implementation of an indirect system call☆129Updated last year
- Detect BypassUAC using AMSI☆26Updated 5 months ago
- Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&☆56Updated last month