Pinned Repositories
CritSectionVsKernelObject
POC project to demonstrate performance difference between a critical section and a synchronization kernel object in Windows.
elam
A Practical example of ELAM (Early Launch Anti-Malware)
KernelMoveMouse
Kernel driver that moves the mouse
KernelObjects
What are the essentials of a kernel object, actually? Sample for creating a new kernel object type and its supporting API
PTE-View
RealBlindingEDR
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine callbacks, PsSetCreateThreadNotifyRoutine callbacks, PsSetLoadImageNotifyRoutine callbacks...
SymlinkProtect
File system minifilter driver for Windows to block symbolic link attacks.
Windows-Internals
My repository to upload drivers from different books and all the information related to Windows internals.
Windows-Internals-Debugging-Performance-Learning-Resources
windows-kernel-cve
WindowsKernel's Repositories
WindowsKernel/Salient-Rootkit
A kernel mode Windows rootkit in development.
WindowsKernel/WindowsKernel
Windows kernel research and driver code
WindowsKernel/plugins-extra
These are highly unstable, buggy, incomplete plugins that are not included with Process Hacker by default.
WindowsKernel/YDArk
Small x64 kernel tools
WindowsKernel/CVE-2021-21551
arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system
WindowsKernel/elam
A Practical example of ELAM (Early Launch Anti-Malware)
WindowsKernel/NtSymbol
Resolve DOS MZ executable symbols at runtime
WindowsKernel/Windows-Kernel-Explorer
A free but powerful Windows kernel research tool.
WindowsKernel/OffensivePH
OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
WindowsKernel/wdm
Windows Driver Model (WDM)
WindowsKernel/Kernel-Anit-Anit-Debug-Plugins
Kernel Anti-Anti-Debug Plugins
WindowsKernel/ZemanaLPE
A proof-of-concept of local privilege escalation by exploiting Zemana AntiMalware/AntiLogger
WindowsKernel/kernel_callbacks
Bypasses for Windows kernel callbacks PatchGuard protection
WindowsKernel/WKPExercises
Exercises from Windows Kernel Programming(2019) by Pavel Yosifovich
WindowsKernel/InjectAll
Tutorial that demonstrates how to code a Windows driver to inject a custom DLL into all running processes. I coded it from start to finish using C++ and x86/x64 Assembly language in Microsoft Visual Studio. The solution includes a kernel driver project, a DLL project and a C++ test console project.
WindowsKernel/Kernel-Exploits
Kernel Exploits
WindowsKernel/KernelBhop
Cheat that uses a driver instead of WinAPI for reading/writing memory.
WindowsKernel/EdrKiller
Ring 0 attack exploiting a procexp.sys vulnerability
WindowsKernel/anycall
x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
WindowsKernel/ghost
:ghost: RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Viruses & Malware
WindowsKernel/anyvtop
x64 Windows implementation of virtual-address to physical-address translation
WindowsKernel/NoPatchGuardCallback
x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code
WindowsKernel/CVE-2021-21551_
WindowsKernel/CVE-2021-31728
Vulnerability in zam64.sys and zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.
WindowsKernel/KernelHiddenExecute
Hide code/data in the kernel address space.
WindowsKernel/Win2K3_NT_net
Windows Server 2K3 NT 5
WindowsKernel/windows-kernel-dll-injector
Kernel-mode to user-mode DLL injection
WindowsKernel/access
Access without a real handle
WindowsKernel/EasyAntiPatchGuard
Easy Anti PatchGuard
WindowsKernel/TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.