Alternatives and similar repositories for volatility3-mcp

Users that are interested in volatility3-mcp are comparing it to the libraries listed below

• dslee2022 / SignatureKid
  ☆331Updated last month
• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆179Updated 4 months ago
• hasherezade / waiting_thread_hijacking
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆224Updated last month
• dobin / RedEdr
  Collect Windows telemetry for Maldev
  ☆375Updated last week
• mar-ket-vector / VXpp
  VFGadget locator to facilitate Counterfeit Object-Oriented Programming (COOP) and Loop-Oriented Programming (LOP) attacks to bypass advan…
  ☆16Updated 4 months ago
• vxCrypt0r / Voidmaw
  A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
  ☆317Updated 9 months ago
• BlackSnufkin / BYOVD
  Some POCs for my BYOVD research and find some vulnerable drivers
  ☆268Updated last month
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆228Updated 8 months ago
• 0xflux / Sanctum
  Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antiv…
  ☆236Updated 3 weeks ago
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆274Updated 3 months ago
• rad9800 / BootExecuteEDR
  ☆401Updated 7 months ago
• Cracked5pider / earlycascade-injection
  early cascade injection PoC based on Outflanks blog post
  ☆222Updated 8 months ago
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆344Updated 11 months ago
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆129Updated 2 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆201Updated 6 months ago
• jakydibe / Zone
  ☆16Updated 2 months ago
• senzee1984 / MutationGate
  Use hardware breakpoint to dynamically change SSN in run-time
  ☆261Updated last year
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆350Updated 5 months ago
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆296Updated last year
• An0nUD4Y / AV-EDR-Lab-Environment-Setup
  AV/EDR Lab environment setup references to help in Malware development
  ☆392Updated 5 months ago
• CyberSecurityUP / Offensive-Windows-Drivers-Development
  ☆157Updated 4 months ago
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆251Updated last year
• 0xNinjaCyclone / EarlyCascade
  A PoC for Early Cascade process injection technique.
  ☆186Updated 5 months ago
• ExaTrack / Kdrill
  Python tool to check rootkits in Windows kernel
  ☆197Updated 4 months ago
• paskalian / WID_LoadLibrary
  Reverse engineering winapi function loadlibrary.
  ☆203Updated 2 years ago
• WKL-Sec / LayeredSyscall
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆269Updated 11 months ago
• xrombar / flower
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆105Updated last year
• rad9800 / hwbp4mw
  ☆259Updated 2 years ago
• Kudaes / Eclipse
  Activation Context Hijack
  ☆155Updated 7 months ago
• MrAle98 / CVE-2025-21333-POC
  POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY
  ☆196Updated 3 months ago