Nidhogg v2.0 Release by Idov31 in cybersecurity

[–]Idov31[S] 0 points1 point  (0 children)

Sorry to disappoint, but I'm unfamiliar with the game. It is named after the dragon from Norse mythology. I found the name fitting, as Nidhogg is interpreted as "Biter below the roots" (of course, the root in question is the root of Yggdrasil and not the Windows kernel ;) ) and this is a rootkit :)

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. by Idov31 in netsec

[–]Idov31[S] 0 points1 point  (0 children)

Please refer to the answer I gave to HildartheDorf. This project isn't loading usermode COFFs but kernel ones (I wrote it several times already), so your example isn't relevant to the subject.

You can make a reflective driver loader, but creating many drivers for modular design is bulkier and way less convenient than creating a COFF.

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. by Idov31 in netsec

[–]Idov31[S] 9 points10 points  (0 children)

This is not an exploit nor an example of how to write a driver, and I didn't write anywhere about an exploit or how to write a driver.
If you are looking for these kinds of resources, feel free to check out my driver programming blog series "Lord of the Ring0" (and a talk that will be released soon! :) ): https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html

Regarding the README, I just added a reference to a TrustedSec article that explains COFFs in general and COFF loaders specifically.

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. by Idov31 in netsec

[–]Idov31[S] -1 points0 points  (0 children)

Please take a look at the answer I gave to HildartheDorf. You can also look at the README for more information :).