Alternatives and similar repositories for VDR:

Users that are interested in VDR are comparing it to the libraries listed below

• Bw3ll / ROP_ROCKET
  ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…
  ☆115Updated last week
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆244Updated 10 months ago
• yardenshafir / IoRingReadWritePrimitive
  Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2
  ☆225Updated 2 years ago
• daem0nc0re / VectorKernel
  PoCs for Kernelmode rootkit techniques research.
  ☆356Updated last month
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆272Updated last year
• zeze-zeze / ioctlance
  A tool that is used to hunt vulnerabilities in x64 WDM drivers
  ☆180Updated 2 weeks ago
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆205Updated 4 months ago
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆248Updated 6 months ago
• alexander-hanel / msdocsviewer
  msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
  ☆149Updated last year
• struppigel / hedgehog-tools
  ☆111Updated 3 weeks ago
• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆114Updated 8 months ago
• zerozenxlabs / CVE-2023-36424
  Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation
  ☆126Updated 11 months ago
• Sentinel-One / peafl64
  Static Binary Instrumentation tool for Windows x64 executables
  ☆198Updated last month
• fortra / CVE-2023-28252
  ☆177Updated last year
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆322Updated 7 months ago
• zodiacon / Recon2023
  Recon 2023 slides and code
  ☆79Updated last year
• Bw3ll / sharem
  SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…
  ☆387Updated this week
• rad9800 / hwbp4mw
  ☆252Updated 2 years ago
• alfarom256 / CVE-2022-3699
  Lenovo Diagnostics Driver EoP - Arbitrary R/W
  ☆172Updated 2 years ago
• VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls
  The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
  ☆178Updated last year
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆241Updated last year
• fortra / CVE-2022-37969
  Windows LPE exploit for CVE-2022-37969
  ☆132Updated last year
• FuzzySecurity / BHUSA-2023
  ☆105Updated 8 months ago
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆335Updated last month
• 0vercl0k / snapshot
  WinDbg extension written in Rust to dump the CPU / memory state of a running VM
  ☆113Updated 4 months ago
• Idov31 / Jormungandr
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆229Updated last year
• waleedassar / SimpleNTSyscallFuzzer
  ☆144Updated last year
• gabriellandau / ItsNotASecurityBoundary
  ☆164Updated 7 months ago
• CognisysGroup / SweetDreams
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆214Updated last year