ExaTrack / KdrillLinks
Python tool to check rootkits in Windows kernel
☆197Updated 3 months ago
Alternatives and similar repositories for Kdrill
Users that are interested in Kdrill are comparing it to the libraries listed below
Sorting:
- ☆115Updated last month
- A ProcessMonitor visualization application written in rust.☆181Updated last year
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi…☆165Updated 2 months ago
- Repository of Yara Rules☆111Updated 2 months ago
- ☆189Updated last year
- Tools for analyzing EDR agents☆230Updated last year
- ☆232Updated 2 weeks ago
- Configuration Extractors for Malware☆106Updated 2 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆314Updated last year
- ☆169Updated 2 months ago
- Collect Windows telemetry for Maldev☆356Updated 4 months ago
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. T…☆123Updated 4 months ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆213Updated 2 years ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆150Updated 11 months ago
- A C# based tool for analysing malicious OneNote documents☆114Updated 2 years ago
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆64Updated last month
- Analyse your malware to surgically obfuscate it☆474Updated 3 weeks ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆116Updated 11 months ago
- ☆131Updated last year
- kernel callback removal (Bypassing EDR Detections)☆177Updated 3 months ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac…☆151Updated 9 months ago
- ☆136Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆346Updated 4 months ago
- A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, XWorm, Xeno …☆46Updated 2 weeks ago
- ☆250Updated last year
- Windows rootkit designed to work with BYOVD exploits☆200Updated 5 months ago
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆80Updated 9 months ago
- Simulate the behavior of AV/EDR for malware development training.☆530Updated last year
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆314Updated 8 months ago
- ☆67Updated 4 months ago