João Victor's starred repositories
DeadPotato
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by BeichenDream.
WinAltSyscallHandler
Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
LayeredSyscall
Generating a legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass user-land EDR hooks in Windows.
VivienneVMM
VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor.
MiniVisorPkg
The research UEFI hypervisor that supports booting an operating system.
PageTableInjection
Code injection: inject a malicious payload via page tables (PML4).
windbg-cheat-sheet
My personal cheat sheet for using WinDbg for kernel debugging
ndisapi-rs
Rust crate for interacting with the Windows Packet Filter driver.
process-cloning
The Definitive Guide To Process Cloning on Windows
WindowsInternals
Contains all the applications developed for the second part of the 7th edition of the Windows Internals book
dearg-thread-ipc-stealth
A novel technique to communicate between threads using the standard ETHREAD structure
thread_namecalling
Process Injection using Thread Name