Pinned Repositories
CritSectionVsKernelObject
POC project to demonstrate the performance difference between a critical section and a synchronization kernel object in Windows.
elam
A practical example of ELAM (Early Launch Anti-Malware)
KernelMoveMouse
Kernel driver that moves the mouse
KernelObjects
What are the essentials of a kernel object, actually? Sample for creating a new kernel object type and its supporting API
PTE-View
RealBlindingEDR
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, minifilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine, ...
SymlinkProtect
File system minifilter driver for Windows to block symbolic link attacks.
Windows-Internals
My repository to upload drivers from different books and all the information related to Windows internals.
Windows-Internals-Debugging-Performance-Learning-Resources
windows-kernel-cve
WindowsKernel's Repositories
WindowsKernel/DriverNoImage
Executes by injecting shellcode into other drivers, evading driver-signature detection; once used in a PUBG project... though nowadays, of course...
WindowsKernel/akamai-security-research
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
WindowsKernel/WRK
Windows Research Kernel VS2022 Solution
WindowsKernel/iMonitor
iMonitor (冰镜, an endpoint behaviour analysis system) process-management API
WindowsKernel/KernelAVKiller
Antivirus killer using a ring-0 kernel driver. Antivirus processes are automatically terminated while the killer is running.
WindowsKernel/LetMeGG
POC of how to prevent WinDbg from breaking in
WindowsKernel/AsmShellcodeLoader
Shellcode loader source code written in assembly language https://payloads.online/archivers/2022-02-16/1/
WindowsKernel/LyMemory
A kernel-level read/write tool that can forcibly read and write the memory of any user-mode process, used to bypass game driver protections and forcibly access the target process's memory.
WindowsKernel/ANGRYORCHARD
A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.
WindowsKernel/awesome-windows-kernel-security-development
Windows kernel security development
WindowsKernel/Karlann
It's a kernel-based keylogger for Windows x64.
WindowsKernel/KSOCKET
KSOCKET provides a very basic example of how to make network connections from a Windows driver using WSK (Winsock Kernel)
WindowsKernel/NMIStackWalk
WindowsKernel/TitanHide
Debugger-hiding kernel driver for x86/x64.
WindowsKernel/EfiGuard
Disable PatchGuard and DSE at boot time
WindowsKernel/Captain
Process-creation, image-load and thread-creation notification callbacks
WindowsKernel/kdmapper
KDMapper is a simple tool that exploits the Intel iqvw64e.sys driver to manually map unsigned drivers into memory
WindowsKernel/MouseClassServiceCallbackMeme
Calling one's "own" MouseClassServiceCallback
WindowsKernel/windowskernelprogrammingbook2e
Samples for the book Windows Kernel Programming, 2nd edition
WindowsKernel/driver
WindowsKernel/CreateProcessInternalW-Full
Reimplementation of CreateProcessInternalW for Windows 10 20H1+, based on NtCreateUserProcess-Post
WindowsKernel/iscsicpl_bypassUAC
UAC bypass for x64 Windows 7 - 11
WindowsKernel/udis86
Disassembler Library for x86 and x86-64
WindowsKernel/awesome_windows_logical_bugs
Collected cases for learning
WindowsKernel/Simple-MmcopyMemory-Hook
A simple MmCopyMemory hook.
WindowsKernel/cgaty
Hooking the GDT: installing a call gate. POC for The Rootkit Arsenal, second edition (2022 version)
WindowsKernel/libwsk
The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).
WindowsKernel/PINKPANTHER
Windows x64 handcrafted token stealing kernel-mode shellcode
WindowsKernel/KillDriverProtect
Disables the file and registry protection of malicious drivers
WindowsKernel/WindowsInternals-1
Tools from the Windows Internals book, 7th edition