Alternatives and similar repositories for WindowsRootkitsGuide:

Users that are interested in WindowsRootkitsGuide are comparing it to the libraries listed below

• OtterHacker / Hooker
  ☆103Updated 3 months ago
• LambdaMamba / LenaMalwareAnalysis
  Lena's scripts/code/resources for malware analysis
  ☆25Updated 8 months ago
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆141Updated 6 months ago
• ChaitanyaHaritash / IllusiveFog
  Windows Administrator level Implant.
  ☆48Updated 4 months ago
• RussianPanda95 / Configuration_extractors
  Configuration Extractors for Malware
  ☆91Updated 3 weeks ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆149Updated 2 months ago
• struppigel / hedgehog-tools
  ☆111Updated this week
• CICADA8-Research / MyMSIAnalyzer
  Analyse MSI files for vulnerabilities
  ☆124Updated 5 months ago
• cbecks2 / edr-artifacts
  This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.
  ☆76Updated 5 months ago
• sensepost / mydumbedr
  ☆112Updated last year
• moval0x1 / NoDelete
  NoDelete is a tool that assists in malware analysis by locking a folder where malware drops files before deleting them.
  ☆44Updated last month
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆220Updated 8 months ago
• lewiswigmore / Virus.xcheck
  Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs…
  ☆52Updated last year
• hasherezade / flareon2024
  ☆36Updated 2 months ago
• Leo4j / Invoke-SMBRemoting
  Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
  ☆158Updated 2 months ago
• hackerhouse-opensource / WMIProcessWatcher
  A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
  ☆132Updated last year
• rad9800 / FileRenameJunctionsEDRDisable
  ☆143Updated 2 months ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆171Updated 2 weeks ago
• CyberRa1 / APT-Hub
  APT hub, It help's research to collect information and data on the latest APT activities. It collects data on APT profiles, IOCs(1 yr), a…
  ☆48Updated 3 months ago
• x86byte / Stuxnet-Rootkit
  Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis
  ☆50Updated 5 months ago
• 0x4141414141 / Malware-Devlopment
  Work in progress experiments with reverse shells, AV bypass and extraction of secrets from memory in C
  ☆39Updated 5 years ago
• wetw0rk / wetw0rk.github.io
  ☆18Updated last week
• eric-conrad / c2-talk
  ☆36Updated 10 months ago
• Idov31 / NidhoggScript
  NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
  ☆46Updated 11 months ago
• cocomelonc / bsprishtina-2024-maldev-workshop
  BSides Prishtina 2024 Malware Development and Persistence workshop
  ☆65Updated 3 months ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆102Updated 5 months ago
• FuzzySecurity / BHUSA-2023
  ☆105Updated 7 months ago
• ZERODETECTION / MSC_Dropper
  ☆139Updated 6 months ago