astra-io's Stars
memN0ps/eagle-rs
Rusty Rootkit - Windows Kernel Rootkit in Rust (Codename: Eagle)
armvirus/CosMapper
Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
IcEy-999/Drv_Hide_And_Camouflage
zareprj/JAV-AV-Engine
An AV Windows engine with file guard and compressed file enumerator
DeviceObject/rk2017
aci1337/test-driver
huoji120/goodeye
https://githacks.org/Shawick/goodeye.git
btbd/access
Access without a real handle
ContionMig/KernelMode-Bypass
This is a source to a bypass I made for some games, for now this should work for VAC, BE and EAC. The only downside is that you will need to find an exploit to load the driver
aweMinchoo/anti_all_in_one
Gathers anti-debugging resources and makes use of countermeasure techniques as far as possible
keystone-engine/keystone
Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
lem0nSec/KBlast
Windows Kernel Offensive Toolset
yo-yo-yo-jbo/hotkeyz
Hotkey-based keylogger for Windows
annihilatorq/shadow_syscall
windows syscalls with a single line and a high level of abstraction. has modern cpp20 wrappers and utilities, range-based DLL and export enumeration, wrapper around kuser_shared_data. supported compilers: clang, gcc and msvc
0x00Alchemist/PicoHook
Small driver that uses alternative syscalls feature (the project is still under development).
fengjixuchui/gdrv-loader
Kernel driver loader using vulnerable Gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities) to load an unsigned driver
iomeone/pwn3d_align
Hooking Shadow and normal SSDT with Kaspersky Hypervisor and abusing alignment
jthuraisamy/SysWhispers
AV/EDR evasion via direct system calls.
KameronHawk/Kernel-VAD-Injector
Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
j00ru/windows-syscalls
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
Oxygen1a1/InfinityHook_latest
etw hook (syscall/infinity hook) compatible with the latest Windows version of PG
ThomasonZhao/InfinityHookProMax
InfinityHookProMax: Make InfinityHook great great again
hwzi/NGS-Emulator
A full emulator bypass for NexonGameSecurity, written in 2015, last updated in 2016/17.
nbs32k/inline-syscall
Inline syscalls made for MSVC supporting x64 and WOW64
FiYHer/InfinityHookPro
InfinityHookPro Win7 -> Win11 latest
zhuhuibeishadiao/Kernelmode-manual-mapping-through-IAT
Manual mapping without creating any threads, with rw only access
zhuhuibeishadiao/hwid
HWID spoofer
zhuhuibeishadiao/PG1903
zhuhuibeishadiao/Navy_public
Lightweight platform for automatically analyzing malware call context and game anti-debugging implementation techniques
zhuhuibeishadiao/infhook19041