Alternatives and similar repositories for SyscallHookDetector

Users that are interested in SyscallHookDetector are comparing it to the libraries listed below

• mttaggart / quasar
  quASAR: ASAR manipulation made easy
  ☆38Updated 2 years ago
• ignacioj / WhacAMole
  Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…
  ☆41Updated 9 months ago
• xforcered / AdvSim.Cryptography
  Simple and sane cryptographic wrapper library.
  ☆27Updated 2 years ago
• ricardojoserf / NativeNtdllRemap
  Remap ntdll.dll using only NTAPI functions with a suspended process
  ☆21Updated 3 months ago
• dis0rder0x00 / CanYouCTheThief
  A C implementation of the Sektor7 "A Thief" Windows privesc technique.
  ☆62Updated 3 years ago
• persistent-security / hermes-the-messenger
  A PoC for achieving persistence via push notifications on Windows
  ☆46Updated 2 years ago
• yo-yo-yo-jbo / msf_shellcode_analysis
  ☆27Updated 2 years ago
• 0xB455 / ActiveSyncBruter
  ☆26Updated 4 months ago
• bot984397 / eepy
  ☆31Updated 3 months ago
• DISREL / Conti-Leaked-Playbook-TTPs
  MITRE TTPs derived from Conti's leaked playbooks from XSS.IS
  ☆38Updated 3 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• rtfmkiesel / loldrivers-client
  Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io
  ☆83Updated last year
• RedSiege / What-The-F
  This repo hosts a poc of how to execute F# code within an unmanaged process
  ☆68Updated last year
• nullsection / Discord-DLL-Hijacking
  This is a simple example of DLL hijacking enabling proxy execution.
  ☆66Updated 2 years ago
• PL-V / Firefox-WebInject
  Firefox webInjector capable of injecting codes into webpages using a mitmproxy.
  ☆41Updated 2 years ago
• vysecurity / PacketParser
  A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance.
  ☆21Updated 11 months ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆87Updated last month
• itm4n / Pentest-Windows
  Windows internals and exploitation tricks
  ☆102Updated last month
• zimnyaa / LEOPARDSEAL
  A simple Linux in-memory .so loader
  ☆30Updated 2 years ago
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 3 years ago
• patrickt2017 / VEHNetLoader
  Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
  ☆33Updated last week
• sec-consult / msiscan
  Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers
  ☆122Updated 10 months ago
• xforcered / DayBird
  Extension functionality for the NightHawk operator client
  ☆27Updated last year
• antonioCoco / infosec-talks
  ☆48Updated last year
• deepinstinct / VSTO-POC
  A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously
  ☆31Updated 2 years ago
• eladshamir / BadWindowsService
  An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities
  ☆61Updated 2 years ago
• V3ded / ToolDump-v1
  Some of my custom "tools".
  ☆28Updated 3 years ago
• rbmm / ARL
  ☆25Updated 5 months ago
• hellofromdaniel / nyxppl
  Windows Protected Process Light toggle tool — dynamically finds offsets and patches EPROCESS using RTCore64
  ☆46Updated 2 months ago
• D4rthMaulCop / DumpKernel-S1
  A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
  ☆20Updated 3 months ago