Alternatives and similar repositories for EtwLeakKernel

Users that are interested in EtwLeakKernel are comparing it to the libraries listed below

• leftp / RegPersist

  View on GitHub
  a BOF implementation of various registry persistence methods
  ☆95Nov 11, 2025Updated 3 months ago
• r0keb / Windows-Kernel-Shellcode

  View on GitHub
  Three different shellcode techniques on the Windows Kernel
  ☆15Apr 8, 2025Updated 10 months ago
• rbmm / remap

  View on GitHub
  break link between dll and it file on disk
  ☆12Sep 2, 2024Updated last year
• dexterm300 / CVE-2025-62215-exploit-poc

  View on GitHub
  CVE-2025-62215 is an Elevation of Privilege (EoP) vulnerability in the Windows Kernel, disclosed in November 2025 and confirmed to be act…
  ☆26Nov 14, 2025Updated 3 months ago
• KickedDroid / loadstar

  View on GitHub
  A different approach to writing BOFs in rust.
  ☆18Aug 20, 2025Updated 5 months ago
• mallo-m / AxiomSecrets

  View on GitHub
  Dump protected files (SAM,SYSTEM,SECURITY) by parsing the raw NTFS partition
  ☆32Nov 11, 2025Updated 3 months ago
• EvilBytecode / Ebyte-Syscalls

  View on GitHub
  Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa…
  ☆114Oct 30, 2025Updated 3 months ago
• NtDallas / BOF_Spawn

  View on GitHub
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆150Nov 23, 2025Updated 2 months ago
• jonny-jhnson / MSFT_DriverBlockList

  View on GitHub
  Repository of Microsoft Driver Block Lists based off of OS-builds
  ☆42Apr 14, 2024Updated last year
• GetRektBoy724 / Win32kHooker

  View on GitHub
  .data ptr swapper for newer win32k versions. (Supports Windows 11)
  ☆33Jan 19, 2026Updated 3 weeks ago
• L4ys / LazyCross

  View on GitHub
  An IDA Pro plugin that display cross-references to functions or variables across the entire binary in Hex-Rays pseudocode
  ☆125Jan 31, 2026Updated 2 weeks ago
• john0312 / hitcon-pcb-badge

  View on GitHub
  ☆46Sep 22, 2025Updated 4 months ago
• Karkas66 / EarlyCascadeImprooved

  View on GitHub
  an Improoved Version of 0xNinjaCyclone´s EarlyCascade Code
  ☆22Feb 20, 2025Updated 11 months ago
• 0xJs / BYOVD_read_write_primitive

  View on GitHub
  Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
  ☆204Aug 21, 2025Updated 5 months ago
• strozfriedberg / EDRSilencer-BOF

  View on GitHub
  Port of the EDRSilencer tool (https://github.com/netero1010/EDRSilencer) to BOF format
  ☆32Oct 22, 2024Updated last year
• backengineering / pdbgen2

  View on GitHub
  Generate a PDB file given the old PDB file and an address mapping
  ☆51Aug 3, 2025Updated 6 months ago
• yardenshafir / IoRing_Demos

  View on GitHub
  A repository for I/O ring demos, use cases and performance testing on Windows
  ☆60Aug 2, 2022Updated 3 years ago
• ZehMatt / x86Tester

  View on GitHub
  x86-64 Automated test data generator
  ☆26Aug 18, 2025Updated 5 months ago
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆48Nov 2, 2025Updated 3 months ago
• xforcered / Agent-Development-Stack

  View on GitHub
  Backend development stack for agents
  ☆29Jul 30, 2025Updated 6 months ago
• zeze-zeze / ioctlance

  View on GitHub
  A tool that is used to hunt vulnerabilities in x64 WDM drivers
  ☆436Dec 7, 2025Updated 2 months ago
• ShallowFeather / ReadWriteDriver

  View on GitHub
  Read Write Memory without attach
  ☆90Aug 18, 2024Updated last year
• M1ndo / WerDump

  View on GitHub
  A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass
  ☆165Sep 22, 2025Updated 4 months ago
• ucsb-seclab / popkorn-artifact

  View on GitHub
  ☆85Aug 16, 2025Updated 5 months ago
• whokilleddb / funcshenanigans

  View on GitHub
  A bunch of shenanigans using functions, VEH and more
  ☆37Jun 8, 2025Updated 8 months ago
• DownWithUp / WarbirdExamples

  View on GitHub
  An example of how to use Microsoft Windows Warbird technology
  ☆96Apr 23, 2023Updated 2 years ago
• Live-CTF / LiveCTF-DEFCON32

  View on GitHub
  LiveCTF challenges and infrastructure at DEFCON 32 CTF
  ☆21Aug 18, 2025Updated 5 months ago
• CaledoniaProject / drivers-binaries

  View on GitHub
  Exploitable drivers, you know what I mean
  ☆153Nov 16, 2025Updated 2 months ago
• souzomain / Packer

  View on GitHub
  Packer is a compact, fast and crosss-platform serialization library for store data in a buffer
  ☆22Aug 5, 2023Updated 2 years ago
• pard0p / PICO-Implant

  View on GitHub
  PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This projec…
  ☆43Nov 9, 2025Updated 3 months ago
• phoen1xxxx / V8sandbox_bypass

  View on GitHub
  V8sandbox_bypass using stack misalignment
  ☆23Aug 25, 2024Updated last year
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• mhaskar / FsquirtCPLPoC

  View on GitHub
  PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin
  ☆121Jan 4, 2026Updated last month
• trickster0 / PrimitiveInjection

  View on GitHub
  PrimitiveInjection by using Read, Write and Allocation Primitives.
  ☆53Jun 21, 2025Updated 7 months ago
• koutto / ioctlbf

  View on GitHub
  Windows Kernel Drivers fuzzer
  ☆378Mar 15, 2017Updated 8 years ago
• FFRI / orom-backdoor-research

  View on GitHub
  PoC code and tools for Black Hat USA 2024
  ☆24Aug 1, 2024Updated last year
• ricardojoserf / slae32

  View on GitHub
  The SecurityTube Linux Assembly Expert (SLAE) is an online course and certification which focuses on teaching the basics of 32-bit assemb…
  ☆23Mar 31, 2019Updated 6 years ago
• chainloaded / Kernel-HTTP-Client

  View on GitHub
  Minimalistic HTTP(S) client for the NT kernel
  ☆61Dec 1, 2025Updated 2 months ago
• SaadAhla / Anti-Sandbox

  View on GitHub
  ☆48Nov 26, 2025Updated 2 months ago