shaygitub's repositories
DriverHunter
This repo holds entries for vulnerable drivers I decided to reverse engineer on my own. These are usually based on logical vulnerabilities that were caused by bad driver-writing skills.
ShminiFilter
This is a minifilter driver customized to protect against several filesystem operations (currently: IRP_MJ_READ, IRP_MJ_WRITE, IRP_MJ_DIRECTORY_CONTROL, IRP_MJ_SET_INFORMATION, IRP_MJ_CREATE, IRP_MJ_CLEANUP, IRP_MJ_FILE_SYSTEM_CONTROL)
NiceDrivers
This repo holds some drivers I'm planning, working on, or have finished. These are made for 22H2 for when specific offsets are required.
windows-rootkit
Windows rootkit
ProtectionSolution
This is the AV ("protection solution") used for my Windows 10 rootkit main project. This includes the installer stager program, a service to perform automatic UM operations on boot and the protection driver used for SSDT, inline hooks detection, hidden processes by DKOM, vulnerable drivers validation and others.
ExtraStuffBlog
Blog about extra stuff: OSs, Windows kernel, virtualization and other stuff. Stuff.
ShayMapper
ShayMapper is a major part of my Windows rootkit project that is used to map my main KMDF driver stealthily and can be used to map other drivers.
Kernel-Exploits
These are several kernel exploits that are based on unchecked IOCTL requests sent to signed drivers. Most of these work correctly but did not match my current use case (main project), but I still wanted to record them as it's a big part of learning reversing and kernel exploits for me.
VulnDrvScan
This simple tool scans drivers for potential arbitrary writing vulnerabilities using their IAT. This tool was used as part of my Windows rootkit to initially search for vulnerable drivers to exploit (before using the CVE database).
ShayCrypt
My cryptographic algorithm that incorporates different algorithms together
bittorrent
Repo for my BitTorrent client