ExaTrack/Kdrill

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ExaTrack/Kdrill)

ExaTrack / Kdrill

Python tool to check rootkits in Windows kernel

☆207

Alternatives and similar repositories for Kdrill

Users that are interested in Kdrill are comparing it to the libraries listed below

Sorting:

ANSSI-FR / orc2timeline
View on GitHub
orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them
☆34Jun 27, 2025Updated 8 months ago
klezVirus / DriverJack
View on GitHub
Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
☆361Aug 11, 2024Updated last year
Diverto / IPPrintC2
View on GitHub
PoC for using MS Windows printers for persistence / command and control via Internet Printing
☆150May 3, 2024Updated last year
deepinstinct / ShimMe
View on GitHub
☆147Oct 29, 2024Updated last year
vxCrypt0r / Voidgate
View on GitHub
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…
☆592Jun 12, 2024Updated last year
Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV
View on GitHub
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
☆290May 27, 2024Updated last year
0mWindyBug / RansomGuard
View on GitHub
anti-ransomware file-system filter
☆69Sep 3, 2024Updated last year
zimnyaa / smbsocks
View on GitHub
A simple rpc2socks alternative in pure Go.
☆31Jul 8, 2024Updated last year
outflanknl / edr-internals
View on GitHub
Tools for analyzing EDR agents
☆278Jun 10, 2024Updated last year
daem0nc0re / VectorKernel
View on GitHub
PoCs for Kernelmode rootkit techniques research.
☆435Nov 4, 2025Updated 4 months ago
joe-desimone / patriot
View on GitHub
☆155Jul 31, 2022Updated 3 years ago
d419h / IconJector
View on GitHub
Inject DLLs into the explorer process using icons
☆407May 18, 2025Updated 10 months ago
ColeHouston / Sunder
View on GitHub
Windows rootkit designed to work with BYOVD exploits
☆217Jan 18, 2025Updated last year
DualHorizon / blackpill
View on GitHub
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
☆338Feb 27, 2026Updated 3 weeks ago
trustedsec / VerifyELF
View on GitHub
☆27May 6, 2024Updated last year
0xHossam / KernelCallbackTable-Injection-PoC
View on GitHub
Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
☆271Oct 31, 2024Updated last year
LETHAL-FORENSICS / MemProcFS-Analyzer
View on GitHub
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
☆701Oct 22, 2025Updated 4 months ago
eversinc33 / Banshee
View on GitHub
Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
☆593Aug 2, 2025Updated 7 months ago
floesen / KExecDD
View on GitHub
Admin to Kernel code execution using the KSecDD driver
☆264Apr 19, 2024Updated last year
senzee1984 / EDRPrison
View on GitHub
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
☆460Aug 2, 2024Updated last year
fin3ss3g0d / StoneKeeper
View on GitHub
StoneKeeper C2, an experimental EDR evasion framework for research purposes
☆209Dec 25, 2024Updated last year
synacktiv / Invoke-RunAsWithCert
View on GitHub
A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.
☆175May 13, 2024Updated last year
helviojunior / hookchain
View on GitHub
HookChain: A new perspective for Bypassing EDR Solutions
☆594Jan 5, 2025Updated last year
Meckazin / ChromeKatz
View on GitHub
Dump cookies and credentials directly from Chrome/Edge process memory
☆1,417Jan 19, 2026Updated 2 months ago
synacktiv / captaincredz
View on GitHub
CaptainCredz is a modular and discreet password-spraying tool.
☆134Jul 22, 2025Updated 7 months ago
BlackSnufkin / Invoke-DumpMDEConfig
View on GitHub
PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges requir…
☆155Jun 10, 2024Updated last year
decoder-it / DFSCoerce-exe-2
View on GitHub
DFSCoerce exe revisited version with custom authentication
☆42Jan 13, 2024Updated 2 years ago
EgeBalci / deoptimizer
View on GitHub
Evasion by machine code de-optimization.
☆418Jul 22, 2024Updated last year
synacktiv / keebcap
View on GitHub
Win32 keylogger that supports all (non-ime using) languages correctly
☆53Dec 21, 2023Updated 2 years ago
jonny-jhnson / ETWInspector
View on GitHub
☆182Apr 24, 2025Updated 10 months ago
k1nd0ne / VolWeb
View on GitHub
A centralized and enhanced memory analysis platform
☆523Mar 10, 2026Updated last week
zzhsec / NlsCodeInjectionThroughRegistry
View on GitHub
Dll injection through code page id modification in registry. Based on jonas lykk research
☆17Jun 18, 2022Updated 3 years ago
cybersectroll / TrollDump
View on GitHub
☆84May 19, 2024Updated last year
exploits-forsale / 24h2-nt-exploit
View on GitHub
Exploit targeting NT kernel in 24H2 Windows Insider Preview
☆151Apr 26, 2024Updated last year
thefLink / DeepSleep
View on GitHub
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
☆374May 24, 2022Updated 3 years ago
dobin / RedEdr
View on GitHub
Collect Windows telemetry for Maldev
☆464Jan 30, 2026Updated last month
listinvest / undonut
View on GitHub
Unpacker for donut shellcode
☆21Jun 20, 2020Updated 5 years ago
CICADA8-Research / Spyndicapped
View on GitHub
COM ViewLogger — new malware keylogging technique
☆407Jan 6, 2025Updated last year
CICADA8-Research / MyMSIAnalyzer
View on GitHub
Analyse MSI files for vulnerabilities
☆142Aug 30, 2024Updated last year