5 repository-uri
Drivers developed for the purpose of executing memory corruption exploits or low-level system manipulation.
Distinct from Kernel Driver Implementation: Distinct from general kernel driver implementation by focusing on exploitation and offensive primitives rather than filesystem or sensor functionality.
Explore 5 awesome GitHub repositories matching operating systems & systems programming · Offensive Kernel Drivers. Refine with filters or upvote what's useful.
A True Instrumentable Binary Emulation Framework
Emulates and analyzes kernel modules, drivers, and firmware for vulnerability research and security testing.
Blackbone este o colecție de instrumente specializate pentru scanarea memoriei, injectarea în procese și interfețe de drivere kernel utilizate pentru a manipula mediul de execuție Windows. Oferă un framework pentru executarea codului la distanță, maparea imaginilor executabile portabile și gestionarea thread-urilor între diferite limite de proces. Proiectul include un driver de memorie kernel pentru a accesa memoria kernel și a modifica drepturile de manipulare pentru a ascunde alocările de detectarea în user-mode. De asemenea, dispune de o bibliotecă pentru interceptarea apelurilor de funcții în procese la distanță folosind întreruperi software și breakpoint-uri hardware. Toolkit-ul acoperă capabilități mai largi în manipularea memoriei virtuale, cum ar fi citirea, scrierea și alocarea memoriei în procese locale sau la distanță. Oferă, de asemenea, utilitare pentru căutarea de tipare în memorie pentru a localiza secvențe specifice de octeți și gestionarea modulelor pentru injectarea sau ejectarea binarilor.
Implements a kernel-mode driver for low-level system manipulation and hiding memory allocations from detection.
This project is a red teaming knowledge base and offensive security playbook designed to simulate adversary behavior. It serves as a comprehensive collection of technical guides and tactics for executing red team operations. The repository provides detailed instructions for Active Directory exploitation, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving the manipulation of kernel objects and system memory. The capability surface extends to network penetration testi
Provides technical guides for developing kernel drivers to manipulate system internals and execute exploits.
OffensiveRust is a red team toolkit and malware development kit written in Rust. It serves as an evasion framework and post-exploitation library, providing a collection of offensive security primitives and a Windows API wrapper for interacting with low-level system functions and undocumented APIs. The project focuses on bypassing security software through direct system calls, memory obfuscation, and stealthy payload execution. It implements techniques to defeat static binary analysis via compile-time string encryption and payload obfuscation, while avoiding detection using parent process ID s
Creates Windows kernel drivers to implement low-level system functionality and execute memory corruption exploits.
kdmapper is a kernel driver mapper and loader designed to deploy unsigned binaries into privileged kernel memory. It functions as a manual mapper that resolves imports and relocations to execute unsigned code in a privileged environment. The tool bypasses driver signature enforcement by leveraging vulnerable signed drivers to gain write access to protected kernel memory regions. It includes a kernel offset resolver that parses debug symbol files to identify correct memory addresses across different operating system builds. To maintain stealth, the project implements driver trace obfuscation
Implements memory table scrubbing and driver list removal to hide the presence of manually loaded binaries.