Stars
Universal PatchGuard and Driver Signature Enforcement Disable
Ransomware detection application for Windows using a Windows Minifilter driver
Nmap Project's Windows packet capture and transmission library
Get Keyboard, Mouse, ScreenShot, Microphone Inputs from Target Computer and Send to your Mail.
Hiding the window from screenshots using the function win32kfull::GreProtectSpriteContent
Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL
Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
KSOCKET provides a very basic example of how to make network connections in a Windows driver by using WSK
The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).
Fast and lightweight x86/x86-64 disassembler and code generation library
KDMapper is a simple tool that exploits the iqvw64e.sys Intel driver to manually map non-signed drivers in memory
Disable PatchGuard and Driver Signature Enforcement at boot time
Proof-of-concept Windows driver for injecting a DLL into user-mode processes using APC
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.