Alternatives and similar repositories for volatility3-mcp

Users that are interested in volatility3-mcp are comparing it to the libraries listed below

• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆190Updated 6 months ago
• jakydibe / Zone
  ☆17Updated last week
• dslee2022 / SignatureKid
  ☆357Updated 3 months ago
• GB102 / VirtualEXploiter
  VFGadget locator to facilitate Counterfeit Object-Oriented Programming (COOP) and Loop-Oriented Programming (LOP) attacks to bypass advan…
  ☆18Updated 6 months ago
• 0xflux / Sanctum
  Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antiv…
  ☆356Updated 3 weeks ago
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆138Updated 4 months ago
• dobin / RedEdr
  Collect Windows telemetry for Maldev
  ☆421Updated this week
• TwoSevenOneT / CreateProcessAsPPL
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆224Updated last week
• Offensive-Panda / DefenseEvasionTechniques
  This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead…
  ☆132Updated 4 months ago
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆280Updated 5 months ago
• Cracked5pider / earlycascade-injection
  early cascade injection PoC based on Outflanks blog post
  ☆230Updated 10 months ago
• CyberSecurityUP / Offensive-Windows-Drivers-Development
  ☆161Updated 6 months ago
• danafaye / WindowsAPIAbuseAtlas
  A living guide to lesser-known and evasive Windows API abuses used in malware, with practical reverse engineering notes, YARA detections,…
  ☆71Updated this week
• xrombar / flower
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆105Updated last year
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆207Updated 8 months ago
• rbmm / SC_DEMO
  ☆120Updated 6 months ago
• Kudaes / Eclipse
  Activation Context Hijack
  ☆165Updated last month
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆232Updated 10 months ago
• silentwarble / PIC-Library
  A collection of position independent coding resources
  ☆94Updated 2 weeks ago
• paskalian / WID_LoadLibrary
  Reverse engineering winapi function loadlibrary.
  ☆216Updated 2 years ago
• 0xJs / BYOVD_read_write_primitive
  Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
  ☆186Updated last month
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆352Updated last year
• tijme / relocatable
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆103Updated 8 months ago
• hasherezade / waiting_thread_hijacking
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆243Updated 3 weeks ago
• vxCrypt0r / Voidmaw
  A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
  ☆331Updated 11 months ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆161Updated 10 months ago
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆257Updated last year
• Maldev-Academy / AlphabeticalPolyShellGen
  Generate an Alphabetical Polymorphic Shellcode
  ☆116Updated last month
• mannyfred / SentinelBruh
  Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
  ☆43Updated last year
• NtDallas / KrakenMask
  Sleep obfuscation
  ☆238Updated 9 months ago