
can1357 / Byepg

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI

Projects that are alternatives to, or similar to, Byepg

Cve 2014 0038
Linux local root exploit for CVE-2014-0038
Stars: ✭ 193 (-58.67%)
Mutual labels:  kernel, exploit
H Encore
Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.68
Stars: ✭ 968 (+107.28%)
Mutual labels:  kernel, exploit
Anticheat Testing Framework
Framework to test any Anti-Cheat
Stars: ✭ 481 (+3%)
Mutual labels:  kernel, exploit
Kernel Exploits
Various kernel exploits
Stars: ✭ 397 (-14.99%)
Mutual labels:  kernel, exploit
Exploit-Development
Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
Stars: ✭ 84 (-82.01%)
Mutual labels:  kernel, exploit
H Encore 2
Fully chained kernel exploit for the PS Vita on firmwares 3.65-3.73
Stars: ✭ 237 (-49.25%)
Mutual labels:  kernel, exploit
Windows Kernel Exploits
windows-kernel-exploits: a collection of Windows privilege escalation vulnerabilities
Stars: ✭ 5,963 (+1176.87%)
Mutual labels:  kernel, exploit
HEVD Kernel Exploit
Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.
Stars: ✭ 44 (-90.58%)
Mutual labels:  kernel, exploit
Trinity
Trinity Exploit - Emulator Escape
Stars: ✭ 371 (-20.56%)
Mutual labels:  kernel, exploit
Linux Kernel Exploits
linux-kernel-exploits: a collection of Linux privilege escalation vulnerabilities
Stars: ✭ 4,203 (+800%)
Mutual labels:  kernel, exploit
Ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Stars: ✭ 4,808 (+929.55%)
Mutual labels:  exploit
Linux Insides Zh
Linux Kernel Demystified
Stars: ✭ 5,105 (+993.15%)
Mutual labels:  kernel
Hershell
Multiplatform reverse shell generator
Stars: ✭ 456 (-2.36%)
Mutual labels:  exploit
Jupyter C Kernel
Minimal Jupyter C kernel
Stars: ✭ 463 (-0.86%)
Mutual labels:  kernel
Procfs
procfs provides functions to retrieve system, kernel and process metrics from the pseudo-filesystem proc.
Stars: ✭ 414 (-11.35%)
Mutual labels:  kernel
Cve 2018 8120
CVE-2018-8120 Windows LPE exploit
Stars: ✭ 447 (-4.28%)
Mutual labels:  exploit
Phantomuserland
Phantom: Persistent Operating System
Stars: ✭ 412 (-11.78%)
Mutual labels:  kernel
Aquila
AquilaOS: UNIX-like Operating System
Stars: ✭ 413 (-11.56%)
Mutual labels:  kernel
Enterprise gateway
A lightweight, multi-tenant, scalable and secure gateway that enables Jupyter Notebooks to share resources across distributed clusters such as Apache Spark, Kubernetes and others.
Stars: ✭ 412 (-11.78%)
Mutual labels:  kernel
Autosploit
Automated Mass Exploiter
Stars: ✭ 4,500 (+863.6%)
Mutual labels:  exploit

ByePg: Defeating Patchguard using Exception-hooking

ByePg hijacks the HalPrivateDispatchTable to install an early-bugcheck hook. Using this early-bugcheck hook, it collects information about the exception and provides a simple interface for registering a high-level, system-wide exception handler.

A variety of kernel hooks can be implemented with this method while completely bypassing PatchGuard and HVCI, because it opens an entirely new attack surface, exception-based hooking, which was previously not possible in the Windows kernel.

Writeup:

https://blog.can.ac/2019/10/19/byepg-defeating-patchguard-using-exception-hooking/

Project Structure:

  • \ByePgLib contains the base library
  • \ExHook contains a standalone SYSCALL hooking example using ByePg
  • \ExceptionHookingDemo demonstrates the exception handler
  • \InfinityHookFix contains a sample that renders the recent InfinityHook patch by Microsoft useless
  • \FreeSeh contains a SEH-via-ByePg module that lets you use SEH in manually mapped images, bypassing PatchGuard's inverted function table checks

Result:

ExHook

P.S.

There are many other things that can be done using the base library, and many things can be improved, be it SEH handling or BugCheck parsing, so I would really appreciate any form of contribution to this repo.
