  • Stars: 150
  • Rank: 247,323 (Top 5 %)
  • Language: C++
  • License: GNU General Publi...
  • Created: about 3 years ago
  • Updated: about 3 years ago

Repository Details

RestrictedKernelLeaks

List of KASLR bypass techniques in Windows 10 kernel.

  1. ZwQuerySystemInformation/SystemModuleInformation

  2. ZwQuerySystemInformation/SystemModuleInformationEx

  3. ZwQuerySystemInformation/SystemProcessInformation

  4. ZwQuerySystemInformation/SystemExtendedProcessInformation

  5. ZwQuerySystemInformation/SystemSessionProcessInformation

  6. ZwQuerySystemInformation/SystemLocksInformation

  7. ZwQuerySystemInformation/SystemHandleInformation

  8. ZwQuerySystemInformation/SystemExtendedHandleInformation

  9. ZwQuerySystemInformation/SystemObjectInformation

  10. ZwQuerySystemInformation/SystemBigPoolInformation

  11. ZwQuerySystemInformation/SystemSessionBigPoolInformation

  12. ZwQueryInformationProcess/ProcessHandleTracing

  13. ZwQueryInformationProcess/ProcessWorkingSetWatch

  14. ZwQueryInformationProcess/ProcessWorkingSetWatchEx

N.B. These techniques are only valid from outside the sandbox.

More Repositories

  1. SimpleNTSyscallFuzzer (C++, 128 stars)

  2. VBAMacroPWD: Python scripts to remove, change, and crack Office 97-2003/Office 2007/Office 2010/Office 2013 Macro Passwords (Python, 125 stars)

  3. antidebug: Collection Of Anti-Debugging Tricks (C++, 96 stars)

  4. SyscallNumberFinder (C++, 32 stars)

  5. SyscallNumberExtractor (C++, 23 stars)

  6. CVE-2021-1656 (C++, 22 stars)

  7. vbDetectVirtualBox: A VBScript for detecting VirtualBox (Visual Basic, 20 stars)

  8. ALPC_CLIENT_SERVER: Demo to show how to write an ALPC Client & Server using native Ntdll.dll syscalls. (C++, 20 stars)

  9. TimeDateStamp: Discover TimeDateStamps In PE File (C++, 15 stars)

  10. CVE-2021-1699: POC for CVE-2021-1699 (C++, 15 stars)

  11. CVE-2022-24483: POC For CVE-2022-24483 (C++, 14 stars)

  12. CVE-2021-24098: POC for CVE-2021-24098 (C++, 12 stars)

  13. KeCreateEnclave_NullPtr_Dereference_DOS (C++, 12 stars)

  14. ObpCreateSymbolicLinkName_EoP (C++, 11 stars)

  15. PEChecksum (C++, 9 stars)

  16. ProcessExplorer_Hidden_DllName (C++, 9 stars)

  17. NtInitializeEnclave_DoS_POC (C++, 8 stars)

  18. PDF: A simple python script that parses PDF files (Python, 7 stars)

  19. ProcessExplorerProcessNameDoS (C++, 6 stars)

  20. Call64: Bypass Wow64 Emulation Layer (C++, 5 stars)

  21. PartitionCreator (C++, 4 stars)

  22. ShellLink: Script for parsing and manipulating .LNK files (Python, 4 stars)

  23. CoffParser: A small python script that parses COFF .Obj files (Python, 4 stars)

  24. SilentAttach: An OllyDbg Plugin (C++, 4 stars)

  25. ProcessExplorerObjectNameDoS (C++, 4 stars)

  26. SWF: Some python scripts for handling SWF files (Python, 3 stars)

  27. PiControlQueryConflictList_bug (C++, 3 stars)

  28. PassiveDNS: A simple python script that implements Passive DNS (Python, 3 stars)

  29. ollytlscatch: Automatically exported from code.google.com/p/ollytlscatch (3 stars)

  30. DOC: Some python scripts for parsing Microsoft Office Documents (Python, 3 stars)

  31. WinObjCrash1 (C++, 3 stars)

  32. PNG: Some python scripts for handling PNG files (Python, 2 stars)

  33. MyDumper64 (C++, 2 stars)

  34. NtManagePartition_DPC_WATCHDOG_VIOLATION (C++, 2 stars)

  35. NeverShowExt: C Project For Detecting All Invisible Windows File Extensions. (HTML, 2 stars)

  36. GIF: Some python scripts for handling GIF files (Python, 2 stars)

  37. MiddleEastMalware: Samples, Analysis, Scripts, etc. of malware seen in the Middle East (2 stars)

  38. NativeDebugger: Code to demonstrate how to use native NT syscalls to create a debugger (C++, 2 stars)

  39. MISC (Python, 2 stars)

  40. WinObj (C++, 2 stars)

  41. RTF: Some python scripts for manipulating RTF documents (Python, 2 stars)

  42. CVE-2021-31184 (C++, 2 stars)

  43. PrivateNamespace (C++, 2 stars)

  44. LibExtractor: A simple python script to parse and extract data from static and import libraries (Python, 2 stars)

  45. NtPssCaptureVaSpaceBulk: How to use the new "NtPssCaptureVaSpaceBulk" syscall. (C++, 2 stars)

  46. NduRegisterInterfaceByteCountLimitExceeded_Bug (C, 2 stars)

  47. TokenPrivilegeAssigner (C++, 2 stars)

  48. parse-job-file: Python script for parsing .job files (Python, 1 star)

  49. ExtractRFC2397Files: A python script to extract files embedded in the form of "data:image/png;base64,..... (HTML, 1 star)

  50. EML: Some python scripts for manipulating EML files (Python, 1 star)

  51. NtCreateXStateChange: Code to show how to use the new NtCreateProcessStateChange/NtCreateThreadStateChange syscalls (C, 1 star)