Alternatives and similar repositories for Awesome-Bootkits-Rootkits-Development:

Users that are interested in Awesome-Bootkits-Rootkits-Development are comparing it to the libraries listed below

• TheMalwareGuardian / Bentico
  Windows Kernel Mode Rootkit
  ☆42Updated 3 weeks ago
• TheMalwareGuardian / Abismo
  UEFI Windows Bootkit
  ☆30Updated 9 months ago
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls
  Implementing the ghostly hollowing PE injection technique using tampered syscalls.
  ☆140Updated 3 weeks ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆173Updated 2 months ago
• ngn13 / shrk
  LKM rootkit for modern kernels, with DNS C2 and a simple web interface
  ☆64Updated 2 weeks ago
• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆142Updated last week
• tehstoni / LexiCrypt
  Shellcode encryptor using a substitution cipher with a randomly generated key.
  ☆120Updated 2 months ago
• SaadAhla / D1rkInject
  Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…
  ☆177Updated last year
• NtDallas / KrakenMask
  Sleep obfuscation
  ☆210Updated 3 months ago
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆208Updated 5 months ago
• voidvxvt / HellBunny
  Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
  ☆98Updated 3 months ago
• WKL-Sec / FuncAddressPro
  A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
  ☆72Updated last year
• WKL-Sec / LayeredSyscall
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆244Updated 8 months ago
• NUL0x4C / FetchPayloadFromDummyFile
  Construct the payload at runtime using an array of offsets
  ☆63Updated 9 months ago
• ZeroMemoryEx / CVE-2025-26125
  (0day) Local Privilege Escalation in IObit Malware Fighter
  ☆124Updated 2 months ago
• 0xHossam / HuffLoader
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆106Updated last year
• CarlosG13 / Process-Hypnosis-Debugger-assisted-control-flow-hijack
  ☆34Updated last year
• susMdT / LoudSunRun
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆211Updated 5 months ago
• XaFF-XaFF / Kernel-Process-Hollowing
  Windows x64 kernel mode rootkit process hollowing POC.
  ☆186Updated last year
• hideckies / hermit
  A command and control framework.
  ☆49Updated 3 months ago
• Faran-17 / Hellshazzard
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆73Updated 7 months ago
• jakobfriedl / BenevolentLoader
  Shellcode loader using direct syscalls via Hell's Gate and payload encryption.
  ☆90Updated 9 months ago
• 0xTriboulet / T-1
  T-1 is a shellcode loader that leverages ML techniques to detect VM environments
  ☆25Updated 5 months ago
• mannyfred / SentinelBruh
  Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
  ☆42Updated 8 months ago
• Cracked5pider / CodeCave
  A bunch of scripts and code i wrote.
  ☆135Updated 4 months ago
• OtterHacker / Hooker
  ☆103Updated 5 months ago
• deepinstinct / ShimMe
  ☆137Updated 5 months ago
• florylsk / NtRemoteLoad
  Remote Shellcode Injector
  ☆212Updated last year
• xrombar / flower
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆93Updated last year
• vxCrypt0r / AMSI_VEH
  A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
  ☆158Updated 10 months ago