Releases: Idov31/Nidhogg

v1.0.1

03 Oct 13:39
f4ec486

What's Changed

  • Updated C++ version to 20
  • Updated memory allocator
  • Updated YARA rule
  • Fixed port hiding
  • Fixed ETW-TI for 24H2

Full Changelog: v1.0...v1.0.1

Version 1.0 Release

11 Feb 07:06
be3273f

New features:

  • Driver hiding / unhiding

  • Module hiding

  • Port hiding / unhiding

  • Query hidden ports

  • Thread unhiding

  • Credential Dumping

  • NidhoggScript Execution

  • Initial Operations (as requested in #34)

Improvements:

  • Refactored the driver side code and improved code quality in terms of readability, simplicity and bug fixing.
  • Refactored the client side code and improved code quality in terms of readability, simplicity and bug fixing.
  • Reduced the amount of IOCTLs.
  • Added automatic allocation / deallocation.
  • Fixed memory leaks.

Misc

  • New logo
  • New wiki
  • Prints can now be turned off / on with a single #define

Version 0.4 Release

07 May 08:11
53b9e58

New features:

  • DLL Injection

    • Via APC
    • Via NtCreateThread
  • Shellcode Injection

    • Via APC
    • Via NtCreateThread
  • Unregistering and restoring callbacks

    • ObCallbacks
    • PsSetCreateProcessNotifyRoutine
    • PsSetCreateThreadNotifyRoutine
    • Image Load
    • Registry callbacks
  • ETWTI tampering (disable and enable)

Improvements

  • Fixed kdmapper compatibility issues
  • Added validation for SSDT function getting
  • Added length check to registry objects
  • Increased overall stability

Misc

  • Created CMake to compile the client
  • Made driver code more efficient

Version 0.3 Release

21 Feb 19:03
90005bb

New features:

  • Driver can be reflectively loaded with kdmapper
  • PP/PPL managing
  • Protecting threads
  • Hiding threads
  • Changed method for file protection (IRP hooking)

Improvements

  • Changed memory address validation to a better method (address range check instead of the dangerous MmIsAddressValid function)
  • Added locks before accessing EPROCESS/ETHREAD structures
  • Increased overall stability

Misc

  • Changed the client code to work with namespaces instead
  • Made both the driver and client code more efficient

Version 0.2 Release

23 Oct 10:47
f87960f

New features:

  • Function patching
  • Built-in AMSI & ETW bypass
  • Arbitrary R/W from the kernel

Improvements

  • Added documentation for every function
  • Added execution with partial functionality
  • Increased overall stability

Misc

  • Prettified and organized code.

Version 0.1

14 Jul 17:10
803cc88

Version 0.1 Release

New features:

  • Anti registry key & value deletion
  • Registry key & value hiding
  • Anti overwriting value
  • Ability to query protected processes / files / registry keys & values.

Improvements

  • Fixed ObUnregisterCallbacks BSOD
  • Fixed UAC BSOD (the KERNEL_SECURITY_CHECK_FAILURE one)
  • Increased overall stability

Misc

  • Prettified and organized code.

Beta

05 Jun 14:09
9b56e6f

Pre-release

Beta Release

New features:

  • Anti file deletion
  • Anti file overwriting

Improvements:

  • Fixed the hpp file
  • Fixed the example

Misc

  • Added YARA rule

Alpha

30 May 14:39
4c208b5

Pre-release

Alpha Release

Contains the basic capabilities:

  • Anti process killing
  • Anti process dumping
  • PE-sieve bypass
  • Process elevation
  • Process hiding