All steps are to be executed in Administrative powershell/cmd.exe. We use the following color scheme to distinguish host and VM: 🟢 is Host 🔵 is VM. We have used the following tools in this post: WinDbg, VMware, and VirtualKD-Redux. 🟢 Disable Memory Integrity 🟢 Run bcdedit /set hypervisorlaunchtype off 🟢 Install VMware Download Windows and … Read more
eBPF is (now!) a cross-platform technology with origins in the Linux Kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or write drivers with the native kernel APIs. … Read more
Illustration by @Megha. Edited by @Freya Fannie. This document outlines the steps to get a minifilter signed by Microsoft, including registering for the Windows Hardware Dev Center program, purchasing an EV code signing certificate, and using the Windows Hardware Certification Kit (HCK) or Windows Hardware Lab kit (HLK) to run tests and submit a test … Read more
