
kernel-driver

Xacone/BestEdrOfTheMarket

AV/EDR Evasion Lab for Training & Learning Purposes

C++
1235
5 days ago

Writing & Making Operating System and Kernel parts as simple as Hello World Programs, Starting from writing Bootloaders, Hello World Kernel, GDT, IDT, Terminal, Keyboard/Mouse, Memory Manager, HDD ATA R/W, VGA/VESA Graphics

C
756
7 months ago

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

C
669
6 years ago

Linux kernel driver for Wacom devices

C
649
1 month ago

The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracker but has several enhancements. It supports 64-bit versions of Windows (no inline hooks are used, only modifications to driver object structures are performed) and monitors IRP, FastIo, AddDevice, DriverUnload and StartIo requests.

Pascal
385
4 months ago

Simple Intel CPU processor tracing on Linux

C
346
2 years ago

DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers

C++
334
3 years ago

RedSails is a Python based post-exploitation project aimed at bypassing host based security monitoring and logging. DerbyCon 2017 Talk: https://www.youtube.com/watch?v=Ul8uPvlOsug

Python
306
8 years ago

CMake module for building drivers with Windows Development Kit (WDK)

CMake
276
7 months ago

This repository is a journey through Operating System concepts, with practical implementations in C. Each day focuses on a specific topic, providing theoretical understanding and hands-on coding experience.

HTML
249
2 months ago

Windows x64 kernel mode rootkit process hollowing POC.

C++
186
2 years ago

C/C++ Runtime library for system file (Windows Kernel Driver) - Supports Microsoft STL

C++
183
3 years ago

DragonBurn is one of the best CS2 kernel mode read only external cheats. It has a ton of features, full customization and offsets auto update. Undetected by all anti-cheats except faceit.

C++
134
2 months ago

Tutorial & a blog post that demonstrate how to code a Windows driver to inject a custom DLL into all running processes. I coded it from start to finish using C++ and x86/x64 Assembly language in Microsoft Visual Studio. The solution includes a kernel driver project, a DLL project and a C++ test console project.

C++
133
4 years ago

Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

Rust
93
4 hours ago

Access Arm64 CPU system registers

C++
84
1 month ago