5 个仓库
Drivers developed for the purpose of executing memory corruption exploits or low-level system manipulation.
Distinct from Kernel Driver Implementation: Distinct from general kernel driver implementation by focusing on exploitation and offensive primitives rather than filesystem or sensor functionality.
Explore 5 awesome GitHub repositories matching operating systems & systems programming · Offensive Kernel Drivers. Refine with filters or upvote what's useful.
A True Instrumentable Binary Emulation Framework
Emulates and analyzes kernel modules, drivers, and firmware for vulnerability research and security testing.
Blackbone 是一套专门用于内存扫描、进程注入和内核驱动接口的工具集合,用于操纵 Windows 执行环境。它提供了一个用于执行远程代码、映射可执行映像以及跨不同进程边界管理线程的框架。 该项目包含一个内核内存驱动程序,用于访问内核内存并修改句柄权限,从而在用户模式检测中隐藏分配。它还具有一个库,用于使用软件中断和硬件断点拦截远程进程中的函数调用。 该工具包涵盖了虚拟内存操作的更广泛功能,例如在本地或远程进程中读取、写入和分配内存。它还提供了用于定位特定字节序列的内存模式搜索实用程序,以及用于注入或卸载二进制文件的模块管理功能。
Implements a kernel-mode driver for low-level system manipulation and hiding memory allocations from detection.
本项目是一个红队知识库和进攻性安全手册,旨在模拟对手行为。它作为技术指南和战术的综合集合,用于执行红队行动。 该存储库提供了 Active Directory 渗透测试的详细说明,包括 Kerberos 滥用和域权限提升。它涵盖了通过 API 解钩 (unhooking) 和载荷混淆进行的防御规避,以及涉及内核对象和系统内存操作的 Windows 内部研究。 功能范围扩展到网络渗透测试、恶意软件分析与工程,以及进攻性安全基础设施的部署。它还包括在企业环境中进行横向移动、持久化和数据外泄的方法。
Provides technical guides for developing kernel drivers to manipulate system internals and execute exploits.
OffensiveRust is a red team toolkit and malware development kit written in Rust. It serves as an evasion framework and post-exploitation library, providing a collection of offensive security primitives and a Windows API wrapper for interacting with low-level system functions and undocumented APIs. The project focuses on bypassing security software through direct system calls, memory obfuscation, and stealthy payload execution. It implements techniques to defeat static binary analysis via compile-time string encryption and payload obfuscation, while avoiding detection using parent process ID s
Creates Windows kernel drivers to implement low-level system functionality and execute memory corruption exploits.
kdmapper is a kernel driver mapper and loader designed to deploy unsigned binaries into privileged kernel memory. It functions as a manual mapper that resolves imports and relocations to execute unsigned code in a privileged environment. The tool bypasses driver signature enforcement by leveraging vulnerable signed drivers to gain write access to protected kernel memory regions. It includes a kernel offset resolver that parses debug symbol files to identify correct memory addresses across different operating system builds. To maintain stealth, the project implements driver trace obfuscation
Implements memory table scrubbing and driver list removal to hide the presence of manually loaded binaries.