PoCs for Kernelmode rootkit techniques research.

Enumerating and removing kernel callbacks using signed vulnerable drivers

HWID Spoofer which spoofs disk serials, smart disk serials and SMBIOS.

PoC Anti-Rootkit/Anti-Cheat Driver.

HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.

My personal cheat sheet for using WinDbg for kernel debugging

Hardcore Debugging

A matrix of memory corruption mitigations

Internals information about Hyper-V

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

Intel, AMD, VIA & Freescale Microcode Extraction Tool

UEFI and SMM Assessment Tool

EMBA - The firmware security analyzer

Parse BIOS/Intel ME/UEFI firmware related structures: Volumes, FileSystems, Files, etc

KVM-based Virtual Machine Introspection

Intel / AMD CPU Internals

repository for kernel exploit practice

A collection of links related to Linux kernel security and exploitation

Kernel exploitation technique

Application Kernel for Containers

bpflock - eBPF driven security for locking and auditing Linux machines

Intel Engine & Graphics Firmware Analysis Tool

"Das U-Boot" Source Tree

This Linux kernel module is designed to provide a new service that allows to substitute multi-byte NOPs encountered along the execution trace of any intyerrupt handler with CALLs to functions speci…

A linux kernel funtions hooking module

A Systemwide memory monitoring interface for linux

A (GCC) compiler plugin for multiversing functions

A little bit about a linux kernel

Breaking Secure Boot with SMM

Main repository of KEDR project