Alternatives and similar repositories for VDR

Users that are interested in VDR are comparing it to the libraries listed below

• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆243Sep 26, 2023Updated 2 years ago
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Jan 11, 2026Updated last month
• ucsb-seclab / popkorn-artifact

  View on GitHub
  ☆86Aug 16, 2025Updated 6 months ago
• OtterHacker / SetProcessInjection

  View on GitHub
  ☆151Oct 2, 2023Updated 2 years ago
• icyguider / LatLoader

  View on GitHub
  PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
  ☆307Dec 9, 2023Updated 2 years ago
• ElliotKillick / LdrLockLiberator

  View on GitHub
  For when DLLMain is the only way
  ☆423Oct 29, 2024Updated last year
• bluefrostsecurity / Windows-Drive-Remapping-EoP

  View on GitHub
  ☆35Nov 16, 2023Updated 2 years ago
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆282Jun 18, 2025Updated 7 months ago
• CognisysGroup / SweetDreams

  View on GitHub
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆225Jul 25, 2023Updated 2 years ago
• thalium / ida_kmdf

  View on GitHub
  ☆85Mar 2, 2025Updated 11 months ago
• Orange-Cyberdefense / EDRSnowblast

  View on GitHub
  This project is an EDRSandblast fork, adding some features and custom pieces of code.
  ☆25Sep 29, 2023Updated 2 years ago
• zeze-zeze / HITCON-2023-Demo-CVE-2023-20562

  View on GitHub
  ☆61Aug 21, 2023Updated 2 years ago
• Cracked5pider / LdrLibraryEx

  View on GitHub
  A small x64 library to load dll's into memory.
  ☆455Nov 6, 2023Updated 2 years ago
• YOLOP0wn / EchoDrv

  View on GitHub
  Exploitation of echo_driver.sys
  ☆170Sep 16, 2023Updated 2 years ago
• 0dayResearchLab / msFuzz

  View on GitHub
  msFuzz is a coverage-guided fuzzer for Windows kernel drivers that utilizes Intel PT and leverages constraint and dependency analysis to …
  ☆217Dec 24, 2025Updated last month
• MzHmO / TGSThief

  View on GitHub
  My implementation of the GIUDA project in C++
  ☆189Jul 25, 2023Updated 2 years ago
• klezVirus / DriverJack

  View on GitHub
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆358Aug 11, 2024Updated last year
• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆254Oct 16, 2024Updated last year
• passthehashbrowns / BOFMask

  View on GitHub
  ☆126Jun 28, 2023Updated 2 years ago
• NUL0x4C / KnownDllUnhook

  View on GitHub
  Replace the .txt section of the current loaded modules from \KnownDlls\
  ☆305Sep 28, 2022Updated 3 years ago
• Flerov / EAKC-EnumAllKernelCallbacks

  View on GitHub
  Enumerate Callbacks and all Object Types
  ☆16Jan 9, 2023Updated 3 years ago
• hackerhouse-opensource / Artillery

  View on GitHub
  CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…
  ☆182Feb 2, 2026Updated 2 weeks ago
• jonny-jhnson / RandomPOCs

  View on GitHub
  Repo that holds random POCs
  ☆52Jan 8, 2024Updated 2 years ago
• S3cur3Th1sSh1t / Caro-Kann

  View on GitHub
  Encrypted shellcode Injection to avoid Kernel triggered memory scans
  ☆407Sep 12, 2023Updated 2 years ago
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆404Sep 6, 2024Updated last year
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆612Jan 2, 2025Updated last year
• xalicex / Killers

  View on GitHub
  Exploitation of process killer drivers
  ☆202Oct 17, 2023Updated 2 years ago
• Hagrid29 / BYOVDKit

  View on GitHub
  bring your own vulnerable driver
  ☆112May 17, 2023Updated 2 years ago
• nothingspecialforu / EvtPsst

  View on GitHub
  EvtPsst
  ☆55Oct 24, 2023Updated 2 years ago
• naksyn / ModuleShifting

  View on GitHub
  Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…
  ☆128Sep 27, 2023Updated 2 years ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• reverseame / modex

  View on GitHub
  Volatility 3 plugins to extract a module as complete as possible
  ☆12Jun 13, 2023Updated 2 years ago
• WKL-Sec / dcomhijack

  View on GitHub
  Lateral Movement Using DCOM and DLL Hijacking
  ☆325Jun 18, 2023Updated 2 years ago
• daem0nc0re / PrivFu

  View on GitHub
  Kernel mode WinDbg extension and PoCs for token privilege investigation.
  ☆900Jan 21, 2025Updated last year
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆678Oct 23, 2024Updated last year
• zeze-zeze / ioctlance

  View on GitHub
  A tool that is used to hunt vulnerabilities in x64 WDM drivers
  ☆436Dec 7, 2025Updated 2 months ago
• matterpreter / cpuid

  View on GitHub
  A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
  ☆27Sep 15, 2023Updated 2 years ago
• daem0nc0re / TangledWinExec

  View on GitHub
  PoCs and tools for investigation of Windows process execution techniques
  ☆953Feb 2, 2026Updated 2 weeks ago
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆539Feb 13, 2024Updated 2 years ago