xrv3ovl's repositories
acdrv
base for testing
BlackLotus
BlackLotus UEFI Windows Bootkit
cpplox
cpplox is a Lox interpreter & LLVM compiler written in C++
Dsebler
Reimplementation of the KExecDD DSE bypass technique.
etw_hook_latest
etw hook (syscall/infinity hook) compatible with the latest Windows version of PG
GhostlyHollowingViaTamperedSyscalls
Implementing the ghostly hollowing PE injection technique using tampered syscalls.
Hades-Windows
Purity tools Hades: a HIDS designed to run on Windows.
IoCreateDriver
IoCreateDriver implementation; it can be handy if you're trying to bypass anticheats.
KDP-compatible-driver-loader
KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys
Malware_Specimens
This GitHub repository contains benign specimens; however, the techniques demonstrated herein could potentially be exploited for malicious purposes. Exercise discretion and responsibility in their usage. I disclaim any liability for actions resulting from your utilization of this content.
memhv
Minimalistic hypervisor with memory introspection capabilities
modern-cpp-template
A template for modern C++ projects using CMake, Clang-Format, CI, unit testing and more, with support for downstream inclusion.
MSFT_DriverBlockList
Repository of Microsoft Driver Block Lists based on OS builds.
nefcon
Windows device driver installation and management tool.
Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
RealBlindingEDR
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine...
rtypes
A simple but useful project that may help you reverse Windows.
SentinelBruh
Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
SkarDriver
IOCTL dispatch driver to read/write memory and more. The last version was used all over the community, so I decided to remake the usermode (and KM ;)). This is meant for learning, and I hope you learn shit from the kernel-mode documentation I did.
superfetch
Translate virtual addresses to physical addresses from usermode.
VasieDrv
Simple .data ptr driver. Maybe someone can learn from it, idk.
Win11Debloat
A simple, easy-to-use PowerShell script to remove bloatware apps from Windows, disable telemetry and Bing in Windows Search, as well as perform various other changes to declutter and improve your Windows experience. This script works for both Windows 10 and Windows 11.
yextend
YARA-integrated software to handle archive file data.