← All Tags
# windows security kernel

2 links tagged with all of: windows + security + kernel

Click any tag below to further narrow down your results

+ hypervisor (1) + virtualization (1) + rootkits (1) + alt-syscalls (1)

Links

SSDT Hooking via Alt Syscalls for ETW Evasion

Hells Hollow introduces a novel technique for SSDT hooking, leveraging Alt Syscalls to bypass Microsoft’s PatchGuard protections on Windows 11. This method allows rootkits to intercept and manipulate system calls by modifying the KTRAP_FRAME, thus enabling a range of malicious activities while highlighting the vulnerabilities within the Windows kernel. Limitations of the technique are discussed, including its resistance to certain security measures like Hyper-V and HVCI.
Saved by tldr-importer · Last saved October 29, 2025 · 7 min read
+ rootkits windows ✓ kernel ✓ + alt-syscalls security ✓

GitHub - Idov31/NovaHypervisor: NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.

NovaHypervisor is a defensive x64 Intel hypervisor designed to protect against kernel-based attacks by safeguarding memory structures and defense products on Windows 10 and later. Written in C++ and Assembly, it is in early development, not yet suitable for production, and includes instructions for setup, memory protection commands, and logging. Users must enable specific virtualization features to run the hypervisor effectively.
Saved by tldr-importer · Last saved October 29, 2025 · 2 min read
+ hypervisor security ✓ windows ✓ kernel ✓ + virtualization