Data

Tools

Indexes

Applications

Experiments

Repos

An open API service providing repository metadata for many open source software ecosystems.

Topic: "patchguard"

Mattiwatti/EfiGuard

Disable PatchGuard and Driver Signature Enforcement at boot time

Language: C++ - Size: 605 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 2,074 - Forks: 364

can1357/ByePg

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.

Language: C++ - Size: 206 KB - Last synced at: 3 months ago - Pushed at: about 6 years ago - Stars: 896 - Forks: 183

hfiref0x/UPGDSED 📦

Universal PatchGuard and Driver Signature Enforcement Disable

Language: C - Size: 1.13 MB - Last synced at: 9 months ago - Pushed at: almost 7 years ago - Stars: 840 - Forks: 261

FiYHer/InfinityHookPro

InfinityHookPro Win7 -> Win11 latest

Language: C++ - Size: 1.59 MB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 412 - Forks: 160

NeoMaster831/kurasagi

Windows 11 24H2-25H2 Runtime PatchGuard Bypass

Language: C++ - Size: 23.7 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 209 - Forks: 20

kkent030315/NoPatchGuardCallback 📦

x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code

Language: C - Size: 281 KB - Last synced at: 3 months ago - Pushed at: over 4 years ago - Stars: 206 - Forks: 35

KiFilterFiberContext/warbird-hook

Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard

Language: C++ - Size: 36.1 KB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 198 - Forks: 27

DErDYAST1R/NmiCallbackBlocker

Kernel Level NMI Callback Blocker

Language: C++ - Size: 42 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 120 - Forks: 16

4l3x777/dse_pg_bypass

DSE & PG bypass via BYOVD attack

Language: C++ - Size: 8.33 MB - Last synced at: 4 months ago - Pushed at: 6 months ago - Stars: 60 - Forks: 13

rootkitenthusiast/pg-disabler

runtime patchguard disabler (win 10 & 11)

Language: C - Size: 369 KB - Last synced at: 4 months ago - Pushed at: 5 months ago - Stars: 11 - Forks: 4

gmh5225/QuickPGTrigger

The stress testing of your PG bypass [old school project]

Language: C++ - Size: 3.91 KB - Last synced at: 3 months ago - Pushed at: almost 4 years ago - Stars: 10 - Forks: 0

DErDYAST1R/eprocess-dkom-unlinking

EPROCESS Unlinking example in "C" using DKOM Manipulation

Language: C++ - Size: 15.6 KB - Last synced at: 8 months ago - Pushed at: over 1 year ago - Stars: 8 - Forks: 3

rootkitenthusiast/patchedguard

22h2 Windows patchguard runtime disabler.

Language: C - Size: 55.7 KB - Last synced at: 4 months ago - Pushed at: 5 months ago - Stars: 4 - Forks: 2

DErDYAST1R/PsLoadedModuleList-Dkom-Unlinking

PsLoadedModuleList Unlinking through DKOM Manipulation

Size: 4.88 KB - Last synced at: 9 months ago - Pushed at: over 1 year ago - Stars: 4 - Forks: 3

sondernextdoor/Kairos

Kairos is a next-generation, red-team-oriented Windows kernel defense neutralization framework. It combines traditional runtime patching with UEFI persistence, hypervisor-level surveillance, and Secure Kernel deception.

Language: C - Size: 128 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 1 - Forks: 0

RenardDev/BuildEfiGuard

Automatic EfiGuard build using Github Action with replacing GUID, VARIABLE NAME and COOKIE.

Language: C - Size: 19.5 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

Mauricemaximnobby4k/kurasagi

🛠️ Bypass PatchGuard on Windows 24H2 with `kurasagi`; explore the product branch for detailed documentation and improve your understanding of this critical security feature.

Language: C++ - Size: 17 MB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

oxunem/NMIBlocker

Demonstration code for intercepting and disabling NMI handling on Intel CPUs in Windows kernel mode.

Language: C++ - Size: 7.81 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 0 - Forks: 0

ByteWhite1x1/EDR-bypass-disable-PspNotifyEnableMask

A single byte modification in the kernel memory bypasses and disables all core functions of the AV/EDR security solutions

Language: C - Size: 3.91 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

Related Topics
windows 10 kernel 9 bypass 7 kpp 6 driver 5 ntoskrnl 5 undetected 4 exploit 3 pg 3 24h2 2 kernel-patch-protection 2 be 2 blocker 2 eac 2 nmi 2 eprocess 2 process 2 unlinking 2 signing 2 efi 2 win10 2 bootkit 2 uefi 2 dse 2 link 1 un 1 unlink 1 cplusplus 1 runtime 1 windows10 1 dkom 1 list 1 module 1 psloadedmodulelist 1 guard 1 internals 1 patch 1 protection 1 block 1 idt 1 interrupt 1 nmiblock 1 nmiblocker 1 ud 1 vanguard 1 vgk 1 win7 1 win8 1 win11 1 25h2 1 rootkit 1 infinityhook 1 windows-11 1 register-callbacks 1 windows-10 1 microsoft-warbird 1 hook 1 callback 1 c 1 hvci 1 hyperguard 1 bcd 1 abandonware 1 project 1 byovd 1 poc 1 reverse-engineering 1 wdk 1 decom 1 e 1