Pinned Repositories
Demystifying-PatchGuard
Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unauthorized modifications to the Windows kernel. The analysis is done through practical engineering, with a focus on understanding PatchGuard's inner workings.
GDRVLib
Virtual and physical memory hacking library using the vulnerable GIGABYTE driver
GDRVLoader
Unsigned driver loader using CVE-2018-19320
IDTHook-x86
Detour hooking the IRQ1 ISR through the IDT (Interrupt Descriptor Table)
mhydeath
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
NVDrv
Abusing the NVIDIA driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
ReverseKit
x64 Dynamic Reverse Engineering Toolkit
Reversing-a-signed-driver
Reverse Engineering a signed kernel driver packed and virtualized with VMProtect 3.6
ZeroHVCI
Achieve arbitrary kernel reads/writes/function calls in Hypervisor-Protected Code Integrity (HVCI) protected environments without admin permissions or kernel drivers.
ZeroThreadKernel
Recursive and arbitrary code execution at kernel level without creating a system thread
zer0condition's Repositories
zer0condition/ReverseKit
x64 Dynamic Reverse Engineering Toolkit
zer0condition/mhydeath
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
zer0condition/NVDrv
Abusing the NVIDIA driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
zer0condition/GDRVLoader
Unsigned driver loader using CVE-2018-19320
zer0condition/ZeroHVCI
Achieve arbitrary kernel reads/writes/function calls in Hypervisor-Protected Code Integrity (HVCI) protected environments without admin permissions or kernel drivers.
zer0condition/ZeroThreadKernel
Recursive and arbitrary code execution at kernel level without creating a system thread
zer0condition/Demystifying-PatchGuard
Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unauthorized modifications to the Windows kernel. The analysis is done through practical engineering, with a focus on understanding PatchGuard's inner workings.
zer0condition/Reversing-a-signed-driver
Reverse Engineering a signed kernel driver packed and virtualized with VMProtect 3.6
zer0condition/GDRVLib
Virtual and physical memory hacking library using the vulnerable GIGABYTE driver
zer0condition/IDTHook-x86
Detour hooking the IRQ1 ISR through the IDT (Interrupt Descriptor Table)
zer0condition/CritBSOD
Abusing RtlAdjustPrivilege and NtSetInformationProcess to cause a BSOD from user mode
zer0condition/memoryPy
zer0condition/DriverPEScan
Parse all driver PEs in the current directory to scan for certain characteristics or section names
zer0condition/ia32-doc
IA32-doc is a project that aims to put as many definitions from the Intel Manual into a machine-processable format as possible
zer0condition/WRK
The Windows Research Kernel (WRK)