Kdrill: Python tool to check rootkits in Windows kernel
☆207 · Aug 20, 2025 · Updated 6 months ago
Alternatives and similar repositories for Kdrill
Users that are interested in Kdrill are comparing it to the libraries listed below
- PoC for using MS Windows printers for persistence / command and control via Internet Printing (☆150 · May 3, 2024 · Updated last year)
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them (☆34 · Jun 27, 2025 · Updated 8 months ago)
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths (☆359 · Aug 11, 2024 · Updated last year)
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… (☆592 · Jun 12, 2024 · Updated last year)
- ☆153 · Jul 31, 2022 · Updated 3 years ago
- ☆147 · Oct 29, 2024 · Updated last year
- ☆27 · May 6, 2024 · Updated last year
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry (☆458 · Aug 2, 2024 · Updated last year)
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region (☆289 · May 27, 2024 · Updated last year)
- A simple rpc2socks alternative in pure Go (☆31 · Jul 8, 2024 · Updated last year)
- Anti-ransomware file-system filter (☆69 · Sep 3, 2024 · Updated last year)
- Inject DLLs into the explorer process using icons (☆404 · May 18, 2025 · Updated 9 months ago)
- Tools for analyzing EDR agents (☆277 · Jun 10, 2024 · Updated last year)
- MemProcFS-Analyzer: Automated Forensic Analysis of Windows Memory Dumps for DFIR (☆696 · Oct 22, 2025 · Updated 4 months ago)
- Exploit targeting NT kernel in 24H2 Windows Insider Preview (☆151 · Apr 26, 2024 · Updated last year)
- PoCs for kernel-mode rootkit techniques research (☆431 · Nov 4, 2025 · Updated 3 months ago)
- HookChain: A new perspective for bypassing EDR solutions (☆590 · Jan 5, 2025 · Updated last year)
- Experimental Windows x64 kernel rootkit with anti-rootkit evasion features (☆590 · Aug 2, 2025 · Updated 6 months ago)
- Dump cookies and credentials directly from Chrome/Edge process memory (☆1,408 · Jan 19, 2026 · Updated last month)
- ☆189 · Jan 23, 2024 · Updated 2 years ago
- A small x64 library to load DLLs into memory (☆457 · Nov 6, 2023 · Updated 2 years ago)
- A Linux kernel rootkit in Rust using a custom-made type-2 hypervisor, eBPF XDP and TC programs (☆337 · Jun 23, 2025 · Updated 8 months ago)
- Windows rootkit designed to work with BYOVD exploits (☆216 · Jan 18, 2025 · Updated last year)
- ☆113 · Oct 10, 2022 · Updated 3 years ago
- Admin to kernel code execution using the KSecDD driver (☆265 · Apr 19, 2024 · Updated last year)
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… (☆155 · May 7, 2024 · Updated last year)
- StoneKeeper C2, an experimental EDR evasion framework for research purposes (☆209 · Dec 25, 2024 · Updated last year)
- ☆181 · Apr 24, 2025 · Updated 10 months ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC (☆374 · May 24, 2022 · Updated 3 years ago)
- "Service-less" driver loading (☆184 · Nov 28, 2024 · Updated last year)
- Proof of concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… (☆270 · Oct 31, 2024 · Updated last year)
- A PowerShell script to perform PKINIT authentication with the Windows API from a non-domain-joined machine (☆172 · May 13, 2024 · Updated last year)
- Small toolkit for extracting information and dumping sensitive strings from Windows processes (☆116 · Jul 17, 2024 · Updated last year)
- A centralized and enhanced memory analysis platform (☆519 · Jul 13, 2025 · Updated 7 months ago)
- Using Windows' own bootloader as a shim to bypass Secure Boot (☆225 · Jul 17, 2024 · Updated last year)
- TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006. (☆136 · Dec 22, 2024 · Updated last year)
- ☆84 · May 19, 2024 · Updated last year
- In-memory hiding technique (☆63 · Jan 5, 2025 · Updated last year)
- ☆383 · Jan 19, 2023 · Updated 3 years ago