deadlands-windows-dkom - Windows DKOM : Hide Processus

  •        5

Deadlands project aim to create a kernel module using DKOM to hides process. It prevents taskmngr from viewing a running process (for example, cmd.exe). In order to compile this project, WDK (Windows Driver Kit) must be installed on your computer.

https://github.com/0xbaadf00d/deadlands-windows-dkom

Tags
Implementation
License
Platform

   




Related Projects

GunFu Deadlands

  •    Lua

A Far West themed 2D shooter featuring bullet time. Made in Lua using the Love2D library (http://love2d.org).

ScyllaHide - Fork of ScyllaHide: https://bitbucket.org/NtQuery/scyllahide, Releases:

  •    C++

ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3). If you need kernelmode (ring0) Anti-Anti-Debug please see TitanHide https://github.com/mrexodia/titanhide. PE x64 debugging is fully supported with plugins for x64dbg and IDA.

wdbgark - WinDBG Anti-RootKit Extension

  •    C++

WDBGARK is an extension (dynamic library) for the Microsoft Debugging Tools for Windows. It main purpose is to view and analyze anomalies in Windows kernel using kernel debugger. It is possible to view various system callbacks, system tables, object types and so on. For more user-friendly view extension uses DML. For the most of commands kernel-mode connection is required. Feel free to use extension with live kernel-mode debugging or with kernel-mode crash dump analysis (some commands will not work). Public symbols are required, so use them, force to reload them, ignore checksum problems, prepare them before analysis and you'll be happy. Windows BETA/RC is supported by design, but read a few notes. First, i don't care about checked builds. Second, i don't care if you don't have symbols (public or private). IA64/ARM is unsupported (and will not).

fibratus - Tool for exploration and tracing of the Windows kernel

  •    Python

Fibratus is a tool which is able to capture the most of the Windows kernel activity - process/thread creation and termination, context switches, file system I/O, registry, network activity, DLL loading/unloading and much more. The kernel events can be easily streamed to a number of output sinks like AMQP message brokers, Elasticsearch clusters or standard output stream. You can use filaments (lightweight Python modules) to extend Fibratus with your own arsenal of tools and so leverage the power of the Python's ecosystem. Download the latest release (Windows installer). The changelog and older releases can be found here.


ansible-jupyter-kernel - Jupyter Notebook Kernel for running Ansible Tasks and Playbooks

  •    Python

The Ansible Jupyter Kernel adds a kernel backend for Jupyter to interface directly with Ansible and construct plays and tasks and execute them on the fly. ansible-kernel is available to be installed from pypi but you can also install it locally. The setup package itself will register the kernel with Jupyter automatically.

DrK - The DrK Attack - Proof of concept

  •    Python

DrK is an attack that breaks kernel address space layout randomization (KASLR) by exploiting TLB and decoded i-cache side channel. To reliably exploit the side channels, the DrK attack took advantage of Intel TSX (Transactional Synchronization eXtension). One surprising behavior of TSX, which is essentially the root cause of this security loophole, is that it aborts a transaction without notifying the underlying kernel even when the transaction fails due to a critical error, such as a page fault or an access violation, which traditionally requires kernel intervention. DrK turns this property into a precise timing channel that can determine the mapping status (i.e., mapped versus unmapped) and execution status (i.e., executable versus non-executable) of the privileged kernel address space. Since such behavior is on the hardware level, DrK is universally applicable to all OSes, even in virtualized environments, and generates no visible footprint, making it difficult to detect in practice. Therefore, DrK can break the KASLR of all major OSes (i.e., Windows, Linux, and OS X) with near-perfect accuracy in under a second. Run make on the directory of this repository.

f-stack - F-Stack is an user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API

  •    C

With the rapid development of Network Interface Cards the poor performance of data packet processing with the Linux kernel has become the bottleneck in modern network systems. Yet, the increasing demands of the Internet's growth demand a higher performant network processing solution. Kernel bypass has emerged to catch more and more attention. There are various similar technologies such as: DPDK, NETMAP and PF_RING. The main idea of kernel bypass is that Linux is only used to deal with control flow; all data streams are processed in user space. Therefore, kernel bypass can avoid performance bottlenecks caused by kernel packet copying, thread scheduling, system calls, and interrupts. Furthermore, kernel bypass can achieve higher performance with multi-optimizing methods. Within various techniques, DPDK has been widely used because of it's more thorough isolation from kernel scheduling and active community support. To deal with the increasingly severe DDoS attacks the authorized DNS server of Tencent Cloud DNSPod switched from Gigabit Ethernet to 10-Gigabit at the end of 2012. We faced several options: one is to continue to use the original network stack in the Linux kernel, another is to use kernel bypass techniques. After several rounds of investigation; we finally chose to develop our next generation of DNS server based on DPDK. The reason is DPDK provides ultra-high performance and can be seamlessly extended to 40G, or even 100G NIC, in the future.

ipykernel - IPython Kernel for Jupyter

  •    Python

This package provides the IPython kernel for Jupyter. After that, all normal ipython commands will use this newly-installed version of the kernel.

tock - A secure embedded operating system for Cortex-M based microcontrollers

  •    Rust

Tock is an embedded operating system designed for running multiple concurrent, mutually distrustful applications on Cortex-M based embedded platforms. Tock's design centers around protection, both from potentially malicious applications and from device drivers. Tock uses two mechanisms to protect different components of the operating system. First, the kernel and device drivers are written in Rust, a systems programming language that provides compile-time memory safety, type safety and strict aliasing. Tock uses Rust to protect the kernel (e.g. the scheduler and hardware abstraction layer) from platform specific device drivers as well as isolate device drivers from each other. Second, Tock uses memory protection units to isolate applications from each other and the kernel. Tock is documented in the doc folder. Read through the guides there to learn about the overview and design of Tock, its implementation, and much more.

bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

  •    Python

BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known as eBPF, a new feature that was first added to Linux 3.15. Much of what BCC uses requires Linux 4.1 and above. One of the more interesting features in this cycle is the ability to attach eBPF programs (user-defined, sandboxed bytecode executed by the kernel) to kprobes. This allows user-defined instrumentation on a live kernel image that can never crash, hang or interfere with the kernel negatively.

Two Kernel Monte

  •    C

Two Kernel Monte is a Linux kernel module which allows Linux to load another kernel image into RAM and restart the machine from that kernel. The loader supports initial RAM disks and passing arbitrary kernel command line parameters to the new kernel.

raspberry-pi-os - Learning operating system development using Linux kernel and Raspberry Pi

  •    C

This repository contains a step-by-step guide that teaches how to create a simple operating system (OS) kernel from scratch. I call this OS Raspberry Pi OS or just RPi OS. The RPi OS source code is largely based on Linux kernel, but the OS has very limited functionality and supports only Raspberry PI 3. Each lesson is designed in such a way that it first explains how some kernel feature is implemented in the RPi OS, and then it tries to demonstrate how the same functionality works in the Linux kernel. Each lesson has a corresponding folder in the src directory, which contains a snapshot of the OS source code at the time when the lesson had just been completed. This allows the introduction of new concepts gracefully and helps readers to follow the evolution of the RPi OS. Understanding this guide doesn't require any specific OS development skills.

VMWare Kernel Debugging booster

  •    C++

The project is a Windows XP kernel driver allowing debugging kernel drivers over a named pipe EXTREMELY FAST. Compatible with both VMWare Workstation and VMWare server.

libfuse - The reference implementation of the Linux FUSE (Filesystem in Userspace) interface

  •    C

FUSE (Filesystem in Userspace) is an interface for userspace programs to export a filesystem to the Linux kernel. The FUSE project consists of two components: the fuse kernel module (maintained in the regular kernel repositories) and the libfuse userspace library (maintained in this repository). libfuse provides the reference implementation for communicating with the FUSE kernel module. A FUSE file system is typically implemented as a standalone application that links with libfuse. libfuse provides functions to mount the file system, unmount it, read requests from the kernel, and send responses back. libfuse offers two APIs: a "high-level", synchronous API, and a "low-level" asynchronous API. In both cases, incoming requests from the kernel are passed to the main program using callbacks. When using the high-level API, the callbacks may work with file names and paths instead of inodes, and processing of a request finishes when the callback function returns. When using the low-level API, the callbacks must work with inodes and responses must be sent explicitly using a separate set of API functions.

apollo-kernel - Collections of Apollo Kernels

  •    Shell

The Apollo Kernel provides the necessary kernel level support to run Apollo software stack. In the first release, we add the most popular solution, Linux Kernel, under the linux directory. Apollo Linux Kernel is based on official Linux Kernel 4.4.32 with some modifications.

ezpublish-kernel - eZ Publish 5 kernel

  •    PHP

eZ Publish 5 kernel

Kernel Development Kit (KDK)

  •    

Build your own os, with the help of Kernel Developent Kit. With minimal Assembly and C code, around 99.9% of the code is written in C++ using object oriented design.

Longene (Linux Unified Kernel)

  •    C

Longene ( Linux Unified Kernel ) is an open source project sponsored by Insigma Co., Ltd. It aims to implement a kernel module in Linux that provides a system-call and driver layer to allow the Windows applications to run on the Linux OS.

Nemesis Real Time OS Kernel

  •    C

Nemesis is a tiny real time operating system kernel based on x86 PCs. Its main purpose is to serve as a simple but realistic example of an real time OS kernel running on real hardware..the purpose of this is that it can be embedded in small devices lik