patchguard

There are 4 repositories under patchguard topic.

• EfiGuard

  Mattiwatti / EfiGuard

  Disable PatchGuard and Driver Signature Enforcement at boot time

  bootkitdriverefikernelpatchguardsigninguefiwindows
  Language:C++ 2165

• can1357 / ByePg

  Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.

  exploitkernelpatchguardwindows
  Language:C++ 895

• hfiref0x / UPGDSED

  Universal PatchGuard and Driver Signature Enforcement Disable

  patchguardkppbcddseabandonwarec
  Language:C 855

• FiYHer / InfinityHookPro

  InfinityHookPro Win7 -> Win11 latest

  infinityhookhookpatchguardrootkitkerneldriverwin7win8win10win11
  Language:C++ 545

• KiFilterFiberContext / warbird-hook

  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard

  microsoft-warbirdpatchguard
  Language:C++ 255

• NeoMaster831 / kurasagi

  Windows 11 24H2-25H2 Runtime PatchGuard Bypass

  24h2bypasskpppatchguardpgwindowswindows-11kernel-patch-protection25h2
  Language:C++ 209

• kkent030315 / NoPatchGuardCallback

  x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code

  windowswindows-10kernelpatchguardregister-callbackskpp
  Language:C 208

• DErDYAST1R / NmiCallbackBlocker

  Kernel Level NMI Callback Blocker

  beblockerbypasscallbackdrivereacexploithvcihyperguardnmintoskrnlpatchguardprojectundetectedwindows
  Language:C++ 129

• zhutingxf / InfinityHookPro

  InfinityHook 支持Win7 到 Win11 最新版本，虚拟机环境及物理机环境

  hookinifinityhookpatchguard
  Language:C++ 90

• 4l3x777 / dse_pg_bypass

  DSE & PG bypass via BYOVD attack

  byovddsepatchguardpocreverse-engineering
  Language:C++ 66

• rootkitenthusiast / pg-disabler

  runtime patchguard disabler (win 10 & 11)

  kernelntoskrnlpatchguardwdkwin10
  Language:C 12

• DErDYAST1R / eprocess-dkom-unlinking

  EPROCESS Unlinking example in "C" using DKOM Manipulation

  decomeeprocesslinkntoskrnlpatchguardprocessunundetectedunlinkunlinking
  Language:C++ 10

• gmh5225 / QuickPGTrigger

  The stress testing of your PG bypass [old school project]

  pgpatchguard
  Language:C++ 10

• ByteWhite1x1 / EDR-bypass-disable-PspNotifyEnableMask

  A single byte modification in the kernel memory bypasses and disables all core functions of the AV/EDR security solutions

  bypasspatchguard
  Language:C 7

• DErDYAST1R / PsLoadedModuleList-Dkom-Unlinking

  PsLoadedModuleList Unlinking through DKOM Manipulation

  dkomeprocesslistmodulentoskrnlpatchguardprocesspsloadedmodulelistundetectedunlinking
  5

• sondernextdoor / Kairos

  Kairos is a next-generation, red-team-oriented Windows kernel defense neutralization framework. It combines traditional runtime patching with UEFI persistence, hypervisor-level surveillance, and Secure Kernel deception.

  bypassguardinternalskernelkpppatchpatchguardprotectionwindows
  Language:C 5

• cedricg-mirror / KDCOM

  Small modifications from BugChecker, build a KDCOM.dll to lure the Windows Kernel into believing that it is beeing debugged to deactivate PatchGuard

  patchguard
  Language:C++ 4

• rootkitenthusiast / patchedguard

  22h2 Windows patchguard runtime disabler.

  bypasscpluspluskernelkpppatchguardruntimewindowswindows10
  Language:C 4

• oxunem / NMIBlocker

  Demonstration code for intercepting and disabling NMI handling on Intel CPUs in Windows kernel mode.

  driverkernelnmiwindowsnmiblocknmiblockerbeblockblockerbypasseacexploitidtntoskrnlpatchguardudundetectedvanguardvgkinterrupt
  Language:C++ 2

• RenardDev / BuildEfiGuard

  Automatic EfiGuard build using Github Action with replacing GUID, VARIABLE NAME and COOKIE.

  bootkitdriverefikernelpatchguardsigninguefiwindows
  Language:C 1