Lord Of The Ring0 - Part 6 | Conclusion

In the last blog post, we learned about two common hooking methods (IRP Hooking and SSDT Hooking) and two different injection techniques from the kernel to the user mode for both shellcode and DLL (APC and CreateThread) with code snippets and examples from Nidhogg. In this blog post , we will write a simple driver that is capable of bypassing AMSI to demonstrate patching usermode memory from the k...

Jormungandr

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

Nidhogg

Nidhogg is a multi-functional rootkit to showcase the variety of operations that can be done from kernel space.

NovaHypervisor

NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks.

Cronos

Cronos is a sleep obfuscation technique leveraging waitable timers to evade memory scanners (PE-Sieve, Moneta, etc.)

Sandman

Sandman is a NTP based backdoor for operations in hardened networks.