gobbodev's Stars
sunner/ChatALL
Concurrently chat with ChatGPT, Bing Chat, Bard, Alpaca, Vicuna, Claude, ChatGLM, MOSS, 讯飞星火, 文心一言 and more, discover the best answers
maharmstone/quibble
Quibble - the custom Windows bootloader
ldpreload/BlackLotus
BlackLotus UEFI Windows Bootkit
Mattiwatti/EfiGuard
Disable PatchGuard and Driver Signature Enforcement at boot time
mitsuhiko/self-replace
Utility library that helps to implement processes that replace themselves
nop-tech/OSED
Containing my notes, practice binaries + solutions, blog posts, etc. for the Offensive Security Exploit Developer (OSED/EXP-301)
namazso/MagicSigner
Signtool for expired certificates
awslabs/snapchange
Lightweight fuzzing of a memory snapshot using KVM
GetRektBoy724/SharpUnhooker
C# Based Universal API Unhooker
realoriginal/bootlicker
A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.
huntandhackett/process-cloning
The Definitive Guide To Process Cloning on Windows
0xTriboulet/Revenant
Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
TheCruZ/EFI_Driver_Access
Efi Driver Access is a simple project to load a driver during system boot, with the idea of giving the user kernel access to read/write memory without restrictions
Xyrem/HyperDeceit
HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate operating system tasks with ease.
SamuelTulach/negativespoofer
PoC HWID spoofer that runs in EFI
Xyrem/Yumekage
Demo proof of concept for shadow regions, and implementation of HyperDeceit.
Idov31/Jormungandr
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
waryas/EUPMAccess
This DKOM exploit enables any app in usermode to access physical memory directly
nccgroup/DetectWindowsCopyOnWriteForAPI
Enumerate various traits from Windows processes as an aid to threat hunting
thefLink/Hunt-Weird-Syscalls
ETW based POC to identify direct and indirect syscalls
zer0condition/ZeroThreadKernel
Recursive and arbitrary code execution at kernel-level without a system thread creation
hrbust86/HookMsrBySVM
Hook MSR by AMD SVM
0mWindyBug/KDP-compatible-driver-loader
KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys
GetRektBoy724/KPDB
Windows PDB parser for kernel-mode environment.
gabriellandau/ShadowStackWalk
Finding Truth in the Shadows
0prrr/Malwear-Sweet
Malware?
zodiacon/DbgPrint
Debug Print viewer (user and kernel)
GetRektBoy724/SyscallShuffler
Your NTDLL vaccine from modern direct syscall methods.
benheise/ANGRYORCHARD
A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.
mrgian/heartbleed
💔 Heartbleed vulnerability exploit written in Rust