Alternatives and similar repositories for volatility3-mcp

Users that are interested in volatility3-mcp are comparing it to the libraries listed below

• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆193Updated 6 months ago
• dslee2022 / SignatureKid
  ☆363Updated 4 months ago
• jakydibe / Zone
  ☆17Updated last month
• dobin / RedEdr
  Collect Windows telemetry for Maldev
  ☆426Updated 3 weeks ago
• GB102 / VirtualEXploiter
  VFGadget locator to facilitate Counterfeit Object-Oriented Programming (COOP) and Loop-Oriented Programming (LOP) attacks to bypass advan…
  ☆18Updated 7 months ago
• Maldev-Academy / MaldevAcademyLdr.2
  RunPE implementation with multiple evasive techniques
  ☆214Updated 3 weeks ago
• vxCrypt0r / Voidmaw
  A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
  ☆331Updated last year
• Cracked5pider / earlycascade-injection
  early cascade injection PoC based on Outflanks blog post
  ☆232Updated 11 months ago
• HackLike-co / Cloak
  Generate Secure, Polymorphic, Evasive Payloads
  ☆26Updated 2 weeks ago
• BlackSnufkin / BYOVD
  BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).
  ☆396Updated last month
• hasherezade / waiting_thread_hijacking
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆246Updated last month
• rbmm / SC_DEMO
  ☆120Updated 7 months ago
• tijme / dittobytes
  Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
  ☆532Updated last month
• xrombar / flower
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆105Updated last year
• Maldev-Academy / AlphabeticalPolyShellGen
  Generate an Alphabetical Polymorphic Shellcode
  ☆126Updated 2 months ago
• CyberSecurityUP / Offensive-Windows-Drivers-Development
  ☆160Updated 7 months ago
• rtecCyberSec / Packer_Development
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆271Updated last year
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆143Updated 5 months ago
• Kudaes / MFTool
  Direct access to NTFS volumes
  ☆279Updated last month
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆315Updated last year
• 0xsch1zo / NullGate
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆155Updated 2 months ago
• TwoSevenOneT / EDR-Freeze
  EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
  ☆639Updated last week
• 0xNinjaCyclone / EarlyCascade
  A PoC for Early Cascade process injection technique.
  ☆198Updated 8 months ago
• c2pain / RustPatchlessCLRLoader
  .NET assembly loader with patchless AMSI and ETW bypass in Rust
  ☆54Updated last year
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆234Updated 11 months ago
• rad9800 / hwbp4mw
  ☆265Updated 2 years ago
• rad9800 / BootExecuteEDR
  ☆403Updated 10 months ago
• chryzsh / awesome-bof
  🧠 The ultimate, community-curated resource for Beacon Object Files (BOFs) — tutorials, how-tos, deep dives, and reference materials.
  ☆88Updated 2 weeks ago
• 0xJs / BYOVD_read_write_primitive
  Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
  ☆191Updated last month
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆210Updated 9 months ago