Python tool to check rootkits in Windows kernel
☆210Aug 20, 2025Updated 9 months ago
Alternatives and similar repositories for Kdrill
Users that are interested in Kdrill are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them☆34Jun 27, 2025Updated 10 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆360Aug 11, 2024Updated last year
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆153May 3, 2024Updated 2 years ago
- ☆147Oct 29, 2024Updated last year
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆595Jun 12, 2024Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆294May 27, 2024Updated last year
- anti-ransomware file-system filter☆71Sep 3, 2024Updated last year
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- Tools for analyzing EDR agents☆278Jun 10, 2024Updated last year
- PoCs for Kernelmode rootkit techniques research.☆439Mar 25, 2026Updated last month
- ☆161Jul 31, 2022Updated 3 years ago
- Inject DLLs into the explorer process using icons☆408May 18, 2025Updated last year
- Windows rootkit designed to work with BYOVD exploits☆221Jan 18, 2025Updated last year
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆339Feb 27, 2026Updated 2 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ☆28May 6, 2024Updated 2 years ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆275Oct 31, 2024Updated last year
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆715May 2, 2026Updated 2 weeks ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆602Aug 2, 2025Updated 9 months ago
- Admin to Kernel code execution using the KSecDD driver☆269Apr 19, 2024Updated 2 years ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆470Aug 2, 2024Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆210Dec 25, 2024Updated last year
- A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.☆177May 13, 2024Updated 2 years ago
- Dump cookies and credentials directly from Chrome/Edge process memory☆1,459Apr 9, 2026Updated last month
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- HookChain: A new perspective for Bypassing EDR Solutions☆604Jan 5, 2025Updated last year
- CaptainCredz is a modular and discreet password-spraying tool.☆135Jul 22, 2025Updated 9 months ago
- PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges requir…☆155Jun 10, 2024Updated last year
- DFSCoerce exe revisited version with custom authentication☆43Jan 13, 2024Updated 2 years ago
- Win32 keylogger that supports all (non-ime using) languages correctly☆54Dec 21, 2023Updated 2 years ago
- Evasion by machine code de-optimization.☆426Jul 22, 2024Updated last year
- A centralized and enhanced memory analysis platform☆523Mar 20, 2026Updated 2 months ago
- ☆204May 10, 2026Updated last week
- Dll injection through code page id modification in registry. Based on jonas lykk research☆16Jun 18, 2022Updated 3 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- ☆84May 19, 2024Updated 2 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆379May 24, 2022Updated 3 years ago
- Unpacker for donut shellcode☆22Jun 20, 2020Updated 5 years ago
- Exploit targeting NT kernel in 24H2 Windows Insider Preview☆153Apr 26, 2024Updated 2 years ago
- Analyse MSI files for vulnerabilities☆143Aug 30, 2024Updated last year
- ☆188Jan 23, 2024Updated 2 years ago
- Collect Windows telemetry for Maldev☆477Updated this week