Alternatives and similar repositories for awesome-windows-rootkits:

Users that are interested in awesome-windows-rootkits are comparing it to the libraries listed below

• t3rabyt3-zz / Gozi
  Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.
  ☆63Updated 6 years ago
• NextSecurity / Gozi-MBR-rootkit
  Gozi-MBR-rootkit Bootkit Modified
  ☆68Updated 8 years ago
• Jb05s / Exploit-Dev-C
  ☆23Updated 4 years ago
• mgeeky / HEVD_Kernel_Exploit
  Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.
  ☆65Updated 3 years ago
• DownWithUp / CVE-Stockpile
  Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.
  ☆48Updated 4 years ago
• hasherezade / hidden_bee_tools
  Parser for a custom executable format from Hidden Bee malware (first stage)
  ☆39Updated 4 months ago
• Truneski / WindowsKernelProgramming-Exercises
  ☆49Updated 4 years ago
• NtRaiseHardError / AntiHook
  PoC designed to evade userland-hooking anti-virus.
  ☆87Updated 5 years ago
• d00rt / ebfuscator
  Ebfuscator: Abusing system errors for binary obfuscation
  ☆52Updated 4 years ago
• DanielAvinoam / TheSubZeroProject
  A multi-staged malware that contains a kernel mode rootkit and a remote system shell.
  ☆71Updated 3 years ago
• NtRaiseHardError / Dreadnought
  PoC for detecting and dumping code injection (built and extended on UnRunPE)
  ☆56Updated 6 years ago
• hasherezade / tag_converter
  ☆22Updated 3 years ago
• hasherezade / loaderine
  A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
  ☆19Updated 6 years ago
• connormcgarr / Kernel-Escalation-of-Privileges-Payloads
  NT AUTHORITY\SYSTEM
  ☆37Updated 4 years ago
• AzAgarampur / byeintegrity3-uac
  Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler
  ☆27Updated 3 years ago
• Nervous / GreenKit-Rootkit
  GreenKit is an userland rootkit hiding its own files and mining bitcoins on compromised computers. Do /NOT/ download or use this rootkit …
  ☆42Updated 7 years ago
• eLoopWoo / zwhawk
  A kernel rootkit with remote command and control interface for windows
  ☆108Updated 7 years ago
• NtRaiseHardError / Anti-Delete
  Protects deletion of files with a specified extension using a kernel-mode driver.
  ☆75Updated 6 years ago
• uf0o / heappo
  Heappo 🦛 is a PyKD based extensions for WinDBG which aids Heap Exploitation
  ☆13Updated 4 years ago
• loneicewolf / KernelMode-Code
  2022 Updated Kernelmode-Code
  ☆31Updated 10 months ago
• Jyang772 / HideProcessHookMDL
  A simple rootkit to hide a process
  ☆46Updated 11 years ago
• evilbuffer / Osiris-Sourcecode
  Alleged source code leak of Osiris banking trojan
  ☆37Updated 3 years ago
• hasherezade / process_chameleon
  A process overwriting its own PEB to make an illusion that it has been loaded from a different path.
  ☆93Updated 3 years ago
• hidd3ncod3s / WindowsAPIhash
  Windows API Hashes used in the malwares
  ☆40Updated 9 years ago
• vineetgaurav / WIN_JELLY
  Windows GPU rootkit PoC by Team Jellyfish
  ☆35Updated 9 years ago
• jthuraisamy / av-fingerprints
  Antivirus Emulator Fingerprints
  ☆27Updated 6 years ago
• Cr4sh / DrvHide-PoC
  Hidden kernel mode code execution for bypassing modern anti-rootkits.
  ☆82Updated 14 years ago
• paranoidninja / 0xdarkvortex-Reverse-Engineering
  This repo contains all the code that will be referred at https://scriptdotsh.com by Paranoid Ninja
  ☆46Updated 4 years ago
• sysopfb / Unpackers
  My collection of unpackers for malware packers/crypters
  ☆28Updated 7 years ago
• hasherezade / libpeconv_tpl
  A ready-made template for a project based on libpeconv.
  ☆43Updated 3 months ago