gobbodev

gobbodev's Stars

• sunner/ChatALL

  Concurrently chat with ChatGPT, Bing Chat, Bard, Alpaca, Vicuna, Claude, ChatGLM, MOSS, 讯飞星火, 文心一言 and more, discover the best answers

  Language:JavaScript15.1k1255371.6k

• maharmstone/quibble

  Quibble - the custom Windows bootloader

  Language:C2.1k5711081

• ldpreload/BlackLotus

  BlackLotus UEFI Windows Bootkit

  Language:C1.9k2921459

• Mattiwatti/EfiGuard

  Disable PatchGuard and Driver Signature Enforcement at boot time

  Language:C++1.8k50123333

• mitsuhiko/self-replace

  Utility library that helps to implement processes that replace themselves

  Language:Rust59741122

• nop-tech/OSED

  Containing my notes, practice binaries + solutions, blog posts, etc. for the Offensive Security Exploit Developer (OSED/EXP-301)

  542122122

• namazso/MagicSigner

  Signtool for expired certificates

  Language:C++44312148

• awslabs/snapchange

  Lightweight fuzzing of a memory snapshot using KVM

  Language:Rust43612527

• GetRektBoy724/SharpUnhooker

  C# Based Universal API Unhooker

  Language:C#3934477

• realoriginal/bootlicker

  A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.

  Language:C39112283

• huntandhackett/process-cloning

  The Definitive Guide To Process Cloning on Windows

  Language:C3864032

• 0xTriboulet/Revenant

  Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework

  Language:C3679042

• TheCruZ/EFI_Driver_Access

  Efi Driver Access is a simply project to load a driver during system boot with the idea to give the user kernel access for read/write memory without restrictions

  Language:C354101263

• Xyrem/HyperDeceit

  HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate operating system tasks with ease.

  Language:C++3508162

• SamuelTulach/negativespoofer

  PoC HWID spoofer that runs in EFI

  Language:C++272151071

• Xyrem/Yumekage

  Demo proof of concept for shadow regions, and implementation of HyperDeceit.

  Language:C++2588541

• Idov31/Jormungandr

  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

  Language:C++2185026

• waryas/EUPMAccess

  This DKOM exploit enables any app in usermode to access physical memory directly

  Language:C++21511354

• nccgroup/DetectWindowsCopyOnWriteForAPI

  Enumerate various traits from Windows processes as an aid to threat hunting

  Language:C++17912431

• thefLink/Hunt-Weird-Syscalls

  ETW based POC to identify direct and indirect syscalls

  Language:C++1712018

• zer0condition/ZeroThreadKernel

  Recursive and arbitrary code execution at kernel-level without a system thread creation

  Language:C++1506030

• hrbust86/HookMsrBySVM

  hook msr by amd svm

  Language:C++1189056

• 0mWindyBug/KDP-compatible-driver-loader

  KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys

  Language:C11631023

• GetRektBoy724/KPDB

  Windows PDB parser for kernel-mode environment.

  Language:C835016

• gabriellandau/ShadowStackWalk

  Finding Truth in the Shadows

  Language:C++81308

• 0prrr/Malwear-Sweet

  Malware?

  Language:C694010

• zodiacon/DbgPrint

  Debug Print viewer (user and kernel)

  Language:C++625311

• GetRektBoy724/SyscallShuffler

  Your NTDLL vaccine from modern direct syscall methods.

  Language:C#35208

• benheise/ANGRYORCHARD

  A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.

  Language:C270034

• mrgian/heartbleed

  💔 Heartbleed vulnerability exploit written in Rust

  Language:Rust4100