deadlands-windows-dkom - Windows DKOM : Hide Processus

  •        3

Deadlands project aim to create a kernel module using DKOM to hides process. It prevents taskmngr from viewing a running process (for example, cmd.exe). In order to compile this project, WDK (Windows Driver Kit) must be installed on your computer.

https://github.com/0xbaadf00d/deadlands-windows-dkom

Tags
Implementation
License
Platform

   




Related Projects

GunFu Deadlands


A Far West themed 2D shooter featuring bullet time. Made in Lua using the Love2D library (http://love2d.org).

ScyllaHide - Fork of ScyllaHide: https://bitbucket.org/NtQuery/scyllahide, Releases:


ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3). If you need kernelmode (ring0) Anti-Anti-Debug please see TitanHide https://github.com/mrexodia/titanhide. PE x64 debugging is fully supported with plugins for x64dbg and IDA.

ansible-jupyter-kernel - Jupyter Notebook Kernel for running Ansible Tasks and Playbooks


The Ansible Jupyter Kernel adds a kernel backend for Jupyter to interface directly with Ansible and construct plays and tasks and execute them on the fly. ansible-kernel is available to be installed from pypi but you can also install it locally. The setup package itself will register the kernel with Jupyter automatically.

DrK - The DrK Attack - Proof of concept


DrK is an attack that breaks kernel address space layout randomization (KASLR) by exploiting TLB and decoded i-cache side channel. To reliably exploit the side channels, the DrK attack took advantage of Intel TSX (Transactional Synchronization eXtension). One surprising behavior of TSX, which is essentially the root cause of this security loophole, is that it aborts a transaction without notifying the underlying kernel even when the transaction fails due to a critical error, such as a page fault or an access violation, which traditionally requires kernel intervention. DrK turns this property into a precise timing channel that can determine the mapping status (i.e., mapped versus unmapped) and execution status (i.e., executable versus non-executable) of the privileged kernel address space. Since such behavior is on the hardware level, DrK is universally applicable to all OSes, even in virtualized environments, and generates no visible footprint, making it difficult to detect in practice. Therefore, DrK can break the KASLR of all major OSes (i.e., Windows, Linux, and OS X) with near-perfect accuracy in under a second. Run make on the directory of this repository.

ipykernel - IPython Kernel for Jupyter


This package provides the IPython kernel for Jupyter. After that, all normal ipython commands will use this newly-installed version of the kernel.


Two Kernel Monte


Two Kernel Monte is a Linux kernel module which allows Linux to load another kernel image into RAM and restart the machine from that kernel. The loader supports initial RAM disks and passing arbitrary kernel command line parameters to the new kernel.

raspberry-pi-os - Learning operating system development using Linux kernel and Raspberry Pi


This repository contains a step-by-step guide that teaches how to create a simple operating system (OS) kernel from scratch. I call this OS Raspberry Pi OS or just RPi OS. The RPi OS source code is largely based on Linux kernel, but the OS has very limited functionality and supports only Raspberry PI 3. Each lesson is designed in such a way that it first explains how some kernel feature is implemented in the RPi OS, and then it tries to demonstrate how the same functionality works in the Linux kernel. Each lesson has a corresponding folder in the src directory, which contains a snapshot of the OS source code at the time when the lesson had just been completed. This allows the introduction of new concepts gracefully and helps readers to follow the evolution of the RPi OS. Understanding this guide doesn't require any specific OS development skills.

VMWare Kernel Debugging booster


The project is a Windows XP kernel driver allowing debugging kernel drivers over a named pipe EXTREMELY FAST. Compatible with both VMWare Workstation and VMWare server.

libfuse - The reference implementation of the Linux FUSE (Filesystem in Userspace) interface


FUSE (Filesystem in Userspace) is an interface for userspace programs to export a filesystem to the Linux kernel. The FUSE project consists of two components: the fuse kernel module (maintained in the regular kernel repositories) and the libfuse userspace library (maintained in this repository). libfuse provides the reference implementation for communicating with the FUSE kernel module. A FUSE file system is typically implemented as a standalone application that links with libfuse. libfuse provides functions to mount the file system, unmount it, read requests from the kernel, and send responses back. libfuse offers two APIs: a "high-level", synchronous API, and a "low-level" asynchronous API. In both cases, incoming requests from the kernel are passed to the main program using callbacks. When using the high-level API, the callbacks may work with file names and paths instead of inodes, and processing of a request finishes when the callback function returns. When using the low-level API, the callbacks must work with inodes and responses must be sent explicitly using a separate set of API functions.

apollo-kernel - Collections of Apollo Kernels


The Apollo Kernel provides the necessary kernel level support to run Apollo software stack. In the first release, we add the most popular solution, Linux Kernel, under the linux directory. Apollo Linux Kernel is based on official Linux Kernel 4.4.32 with some modifications.

Kernel Development Kit (KDK)


Build your own os, with the help of Kernel Developent Kit. With minimal Assembly and C code, around 99.9% of the code is written in C++ using object oriented design.

Longene (Linux Unified Kernel)


Longene ( Linux Unified Kernel ) is an open source project sponsored by Insigma Co., Ltd. It aims to implement a kernel module in Linux that provides a system-call and driver layer to allow the Windows applications to run on the Linux OS.

Nemesis Real Time OS Kernel


Nemesis is a tiny real time operating system kernel based on x86 PCs. Its main purpose is to serve as a simple but realistic example of an real time OS kernel running on real hardware..the purpose of this is that it can be embedded in small devices lik

gvisor - Container Runtime Sandbox


gVisor is a user-space kernel, written in Go, that implements a substantial portion of the Linux system surface. It includes an Open Container Initiative (OCI) runtime called runsc that provides an isolation boundary between the application and the host kernel. The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed containers. gVisor takes a distinct approach to container sandboxing and makes a different set of technical trade-offs compared to existing sandbox technologies, thus providing new tools and ideas for the container security landscape.

KdExploitMe - A kernel driver to practice writing exploits against, as well as some example exploits using public techniques


A kernel driver to practice writing exploits against, as well as some example exploits using public techniques. The intent of this driver is to educate security testers on how memory corruption issues in Windows kernel drivers can be exploited. Knowing how to exploit security issues allows security testers to prove that bugs are exploitable which can be used to convince developers to fix bugs. While these techniques can be used for evil, I have written this driver in the hopes that you will use this knowledge for good.

linux-insides - A little bit about a linux kernel


A book-in-progress about the linux kernel and its insides. Questions/Suggestions: Feel free about any questions or suggestions by pinging me at twitter @0xAX, adding an issue or just drop me an email.

PowerNex - An operating system written in D


PowerNex is a OS written in the D Programming Language. The goal is to have a whole OS written in D, where the PowerNex kernel powers the core. The name PowerNex comes from the words power and next. A kernel to power the next generation of hardware.

cilium - HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP


Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos. A new Linux kernel technology called BPF is at the foundation of Cilium. It supports dynamic insertion of BPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. BPF is highly efficient and flexible. To learn more about BPF, read more in our extensive BPF and XDP Reference Guide.

linux-kernel-module-cheat - Run one command, get a QEMU or gem5 Buildroot BusyBox virtual machine built from source with several minimal Linux kernel 4


Run one command, get a QEMU or gem5 Buildroot BusyBox virtual machine built from source with several minimal Linux kernel 4.16 module development example tutorials with GDB and KGDB step debugging and minimal educational hardware models. "Tested" in x86, ARM and MIPS guests, Ubuntu 18.04 host. This is the most native setup, and therefore the best one if you are on one of the supported Ubuntu: 16.04 or 18.04.