Windows driver developed while following the Zero-Point Security training, in order to understand kernel mechanisms and the interaction between user land and kernel land on Windows.
The functionalities implemented:
- Modify process protection (protecting/unprotecting)
- Modify process privileges
- Modify the DSE policy
- Callback manipulation (callbacks used by AV, EDR and system monitoring applications)