ExaTrack/Kdrill external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ExaTrack/Kdrill

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ExaTrack/Kdrill)

Close

ExaTrack / KdrillView on GitHubMore

• External links
• Readme badge

Python tool to check rootkits in Windows kernel

☆210Aug 20, 2025Updated 10 months ago

Alternatives and similar repositories for Kdrill

Users that are interested in Kdrill are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• ANSSI-FR / orc2timeline

  View on GitHub
  orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them
  ☆34Jun 27, 2025Updated last year
• klezVirus / DriverJack

  View on GitHub
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆360Aug 11, 2024Updated last year
• Diverto / IPPrintC2

  View on GitHub
  PoC for using MS Windows printers for persistence / command and control via Internet Printing
  ☆153May 3, 2024Updated 2 years ago
• deepinstinct / ShimMe

  View on GitHub
  ☆147Oct 29, 2024Updated last year
• vxCrypt0r / Voidgate

  View on GitHub
  A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…
  ☆599Jun 12, 2024Updated 2 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV

  View on GitHub
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆293May 27, 2024Updated 2 years ago
• 0mWindyBug / RansomGuard

  View on GitHub
  anti-ransomware file-system filter
  ☆71Sep 3, 2024Updated last year
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• outflanknl / edr-internals

  View on GitHub
  Tools for analyzing EDR agents
  ☆278Jun 10, 2024Updated 2 years ago
• daem0nc0re / VectorKernel

  View on GitHub
  PoCs for Kernelmode rootkit techniques research.
  ☆441Mar 25, 2026Updated 3 months ago
• d419h / IconJector

  View on GitHub
  Inject DLLs into the explorer process using icons
  ☆410May 18, 2025Updated last year
• joe-desimone / patriot

  View on GitHub
  ☆162Jul 31, 2022Updated 3 years ago
• ColeHouston / Sunder

  View on GitHub
  Windows rootkit designed to work with BYOVD exploits
  ☆223Jan 18, 2025Updated last year
• DualHorizon / blackpill

  View on GitHub
  A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
  ☆341Feb 27, 2026Updated 4 months ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• trustedsec / VerifyELF

  View on GitHub
  ☆28May 6, 2024Updated 2 years ago
• 0xHossam / KernelCallbackTable-Injection-PoC

  View on GitHub
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆274Oct 31, 2024Updated last year
• eversinc33 / Banshee

  View on GitHub
  Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
  ☆606Aug 2, 2025Updated 10 months ago
• LETHAL-FORENSICS / MemProcFS-Analyzer

  View on GitHub
  MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
  ☆723May 2, 2026Updated last month
• floesen / KExecDD

  View on GitHub
  Admin to Kernel code execution using the KSecDD driver
  ☆270Apr 19, 2024Updated 2 years ago
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆475Aug 2, 2024Updated last year
• fin3ss3g0d / StoneKeeper

  View on GitHub
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆208Dec 25, 2024Updated last year
• synacktiv / Invoke-RunAsWithCert

  View on GitHub
  A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.
  ☆177May 13, 2024Updated 2 years ago
• helviojunior / hookchain

  View on GitHub
  HookChain: A new perspective for Bypassing EDR Solutions
  ☆608Jan 5, 2025Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• Meckazin / ChromeKatz

  View on GitHub
  Dump cookies and credentials directly from Chrome/Edge process memory
  ☆1,469Apr 9, 2026Updated 2 months ago
• synacktiv / captaincredz

  View on GitHub
  CaptainCredz is a modular and discreet password-spraying tool.
  ☆138Updated this week
• BlackSnufkin / Invoke-DumpMDEConfig

  View on GitHub
  PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges requir…
  ☆155Jun 10, 2024Updated 2 years ago
• decoder-it / DFSCoerce-exe-2

  View on GitHub
  DFSCoerce exe revisited version with custom authentication
  ☆43Jan 13, 2024Updated 2 years ago
• synacktiv / keebcap

  View on GitHub
  Win32 keylogger that supports all (non-ime using) languages correctly
  ☆54Dec 21, 2023Updated 2 years ago
• EgeBalci / deoptimizer

  View on GitHub
  Evasion by machine code de-optimization.
  ☆428Jul 22, 2024Updated last year
• k1nd0ne / VolWeb

  View on GitHub
  A centralized and enhanced memory analysis platform
  ☆527Mar 20, 2026Updated 3 months ago
• jonny-jhnson / ETWInspector

  View on GitHub
  ☆209May 10, 2026Updated last month
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆16Jun 18, 2022Updated 4 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• cybersectroll / TrollDump

  View on GitHub
  ☆84May 19, 2024Updated 2 years ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆377May 24, 2022Updated 4 years ago
• exploits-forsale / 24h2-nt-exploit

  View on GitHub
  Exploit targeting NT kernel in 24H2 Windows Insider Preview
  ☆154Apr 26, 2024Updated 2 years ago
• listinvest / undonut

  View on GitHub
  Unpacker for donut shellcode
  ☆22Jun 20, 2020Updated 6 years ago
• CICADA8-Research / MyMSIAnalyzer

  View on GitHub
  Analyse MSI files for vulnerabilities
  ☆143Aug 30, 2024Updated last year
• floesen / EventLogCrasher

  View on GitHub
  ☆188Jan 23, 2024Updated 2 years ago
• CICADA8-Research / Spyndicapped

  View on GitHub
  COM ViewLogger — new malware keylogging technique
  ☆407Jan 6, 2025Updated last year