Alternatives and similar repositories for PlanqX_EDR-Endpoint-Detection-and-Response

Users that are interested in PlanqX_EDR-Endpoint-Detection-and-Response are comparing it to the libraries listed below

• RafWu / RansomWatch
  Ransomware detection application for Windows using Windows Minifilter driver
  ☆88Updated 5 years ago
• adamhlt / Process-Hollowing
  Process Hollowing in C++ (x86 / x64) - Process PE image replacement
  ☆166Updated 2 years ago
• DamonMohammadbagher / ETWProcessMon2
  ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…
  ☆307Updated last year
• PI-Defender / pi-defender
  Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.
  ☆154Updated 2 years ago
• paskalian / WID_LoadLibrary
  Reverse engineering winapi function loadlibrary.
  ☆214Updated 2 years ago
• jdu2600 / EtwTi-FluctuationMonitor
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆145Updated 2 years ago
• dennisbabkin / InjectAll
  Tutorial & a blog post that demonstrate how to code a Windows driver to inject a custom DLL into all running processes. I coded it from s…
  ☆137Updated 4 years ago
• itm4n / PPLcontrol
  Controlling Windows PP(L)s
  ☆341Updated 2 years ago
• jdu2600 / CFG-FindHiddenShellcode
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆122Updated 2 years ago
• eversinc33 / unKover
  PoC Anti-Rootkit/Anti-Cheat Driver.
  ☆218Updated 4 months ago
• hasherezade / pe_unmapper
  Small tool to convert beteween the PE alignments (raw and virtual).
  ☆95Updated 2 years ago
• MahmoudZohdy / Process-Injection-Techniques
  Various Process Injection Techniques
  ☆156Updated 3 years ago
• gmh5225 / ntoskrnl_file_collection
  Collect various versions of ntoskrnl files
  ☆55Updated last year
• HARM4Y / Karlann
  It's a kernel-based keylogger for Windows x86/x64.
  ☆141Updated 2 years ago
• Soju06 / kernelLoader
  Windows 10/11 unsigned kernel driver load/debugging
  ☆14Updated 2 years ago
• kevoreilly / capemon
  capemon: CAPE's monitor
  ☆125Updated this week
• jdu2600 / API-To-ETW
  Uses ghidra to find all ETW write metadata for each API in a PE file
  ☆21Updated last year
• Rhydon1337 / windows-kernel-file-delete
  Force a file delete using a windows kernel driver
  ☆67Updated 3 years ago
• huoji120 / awesome_anti_virus_engine
  about how to make a anti-virus engine
  ☆86Updated 3 months ago
• jiubanlo / WinNT5_src_20201004
  Contents from "nt5src.7z"
  ☆23Updated 3 years ago
• BlackSnufkin / BYOVD
  BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology.
  ☆345Updated this week
• zodiacon / windowskernelprogrammingbook2e
  Samples for the book Windows Kernel Programming, 2nd edition
  ☆357Updated last month
• daem0nc0re / VectorKernel
  PoCs for Kernelmode rootkit techniques research.
  ☆378Updated 2 weeks ago
• EaseFilterSDK / mini-filter-driver-framework
  A mini filter driver development framework allows you to develop minit filter driver with different features.
  ☆60Updated 4 months ago
• AdamOron / PatchGuardBypass
  Bypassing PatchGuard on modern x64 systems
  ☆268Updated 2 years ago
• xuanxuan0 / TiEtwAgent
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆285Updated 4 years ago
• dslee2022 / SignatureKid
  ☆356Updated 2 months ago
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆277Updated 4 months ago
• Oxygen1a1 / InfinityHook_latest
  etw hook (syscall/infinity hook) compatible with the latest Windows version of PG
  ☆261Updated last year
• void-stack / Hypervisor-Detection
  Detects virtual machines and malware analysis environments
  ☆137Updated 2 years ago