zer0condition

Kernel / Hypervisor / Security Researcher

Pinned Repositories

Demystifying-PatchGuard
Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unauthorized modifications to the Windows kernel. The analysis is done through practical engineering, with a focus on understanding PatchGuard's inner workings.
Language:C100 6 123
GDRVLib
Virtual and physical memory hacking library using gigabyte vulnerable driver
Language:C++71 6 225
GDRVLoader
Unsigned driver loader using CVE-2018-19320
Language:C189 8 1048
IDTHook-x86
Detour hooking IRQ1 ISR through IDT (Interrupt Descriptor Table)
Language:C++17 2 010
mhydeath
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
Language:C++373 6 464
NVDrv
Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
Language:C++235 5 170
ReverseKit
x64 Dynamic Reverse Engineering Toolkit
Language:C++583 14 289
Reversing-a-signed-driver
Reverse Engineering a signed kernel driver packed and virtualized with VMProtect 3.6
Language:C++102 2 126
ZeroHVCI
Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers.
Language:C157 4 027
ZeroThreadKernel
Recursive and arbitrary code execution at kernel-level without a system thread creation
Language:C++152 6 028

zer0condition's Repositories

zer0condition/ReverseKit
x64 Dynamic Reverse Engineering Toolkit
Language:C++583 14 289
zer0condition/mhydeath
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
Language:C++373 6 464
zer0condition/NVDrv
Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
Language:C++235 5 170
zer0condition/GDRVLoader
Unsigned driver loader using CVE-2018-19320
Language:C189 8 1048
zer0condition/ZeroHVCI
Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers.
Language:C157 4 027
zer0condition/ZeroThreadKernel
Recursive and arbitrary code execution at kernel-level without a system thread creation
Language:C++152 6 028
zer0condition/Reversing-a-signed-driver
Reverse Engineering a signed kernel driver packed and virtualized with VMProtect 3.6
Language:C++102 2 126
zer0condition/Demystifying-PatchGuard
Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unauthorized modifications to the Windows kernel. The analysis is done through practical engineering, with a focus on understanding PatchGuard's inner workings.
Language:C100 6 123
zer0condition/GDRVLib
Virtual and physical memory hacking library using gigabyte vulnerable driver
Language:C++71 6 225
zer0condition/IDTHook-x86
Detour hooking IRQ1 ISR through IDT (Interrupt Descriptor Table)
Language:C++17 2 010
zer0condition/CritBSOD
Abusing RtlAdjustPrivilege and NtSetInformationProcess to cause a BSOD from usermode
Language:C++14 3 08
zer0condition/memoryPy
Language:Python6 1 04
zer0condition/ia32-doc
IA32-doc is a project which aims to put as many definitions from the Intel Manual into machine-processable format as possible
Language:C1 0 01
zer0condition/WRK
The Windows Research Kernel (WRK)
Language:C1 0 01

zer0condition

Pinned Repositories

Demystifying-PatchGuard

GDRVLib

GDRVLoader

IDTHook-x86

mhydeath

NVDrv

ReverseKit

Reversing-a-signed-driver

ZeroHVCI

ZeroThreadKernel

zer0condition's Repositories

zer0condition/ReverseKit

zer0condition/mhydeath

zer0condition/NVDrv

zer0condition/GDRVLoader

zer0condition/ZeroHVCI

zer0condition/ZeroThreadKernel

zer0condition/Reversing-a-signed-driver

zer0condition/Demystifying-PatchGuard

zer0condition/GDRVLib

zer0condition/IDTHook-x86

zer0condition/CritBSOD

zer0condition/memoryPy

zer0condition/ia32-doc

zer0condition/WRK