Starred repositories
The Windows Kernel Programming book samples
KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
Example applications using the wolfSSL lightweight SSL/TLS library
openssl-1.1 Windows build with Visual Studio.
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)
The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).
KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK
Packet capture on Windows without a kernel driver
A layer that hide, redirect. forward, re-encrypt internet packet to keep VPN, Proxies and other p2p software hidden from Firewall. Free implementation for HTTP-Tunnel, UDP-Tunnel, port forwarding, …
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
The code is a pingback to the Dark Vortex blog:
different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)
SoftICE-like kernel debugger for Windows 11
PoC Implementation of a fully dynamic call stack spoofer
UAC bypass for x64 Windows 7 - 11
Clone of zerosum0x0's Windows Kernel rootkit written in Rust
Run PowerShell with rundll32. Bypass software restrictions.