shaygitub's starred repositories
windows-internals
My notes while studying Windows internals
windows-exploitation
My notes while studying Windows exploitation
Stealthy-Kernelmode-Injector
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)
Prevent_File_Deletion
Record & prevent file deletion in kernel mode
BackupFilter
Back up your documents
KeystrokeSniffer
A Windows kernel keylogger that works
MinifilterHook
Silence file system monitoring components by hooking their minifilters
GhostMapperUM
Manually map an unsigned driver over signed memory
windows-rootkit
Windows rootkit
WindowsRegistryRootkit
Kernel rootkit that lives inside the data of Windows registry values
WinDbg_Scripts
Useful scripts for WinDbg using the debugger data model
systeminformer
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
SimpleVisor
SimpleVisor is a simple, portable, Intel VT-x hypervisor with two specific goals: using the least amount of assembly code (10 lines), and having the smallest amount of VMX-related code to support dynamic hyperjacking and unhyperjacking (that is, virtualizing the host state from within the host). It works on Windows and UEFI.
InfinityHook
Hook system calls, context switches, page faults and more.
SyscallHook
System call hook for Windows 10 20H1
loldrivers-client
Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io