Alternatives and similar repositories for Bootkits-Rootkits-Development-Environment

Users that are interested in Bootkits-Rootkits-Development-Environment are comparing it to the libraries listed below

• TheMalwareGuardian / Benthic
  Windows Kernel Rootkit
  ☆29Updated 2 months ago
• connormcgarr / EATGuard
  Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)
  ☆114Updated 2 years ago
• connormcgarr / Vtl1Mon
  Virtual Trust Level (VTL 1) secure call tracing
  ☆81Updated 2 months ago
• mrexodia / RiscyWorkshop
  Payload Obfuscation for Red Teams workshop materials
  ☆75Updated 2 weeks ago
• TheMalwareGuardian / Abyss
  Windows UEFI Bootkit
  ☆48Updated 2 months ago
• connormcgarr / SkBridge
  Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1
  ☆65Updated 2 months ago
• xforcered / Windows_MSKSSRV_LPE_CVE-2023-36802
  LPE exploit for CVE-2023-36802
  ☆24Updated 2 years ago
• Archie-osu / PowerHook
  Hooking KPRCB IdlePreselect function to gain execution inside PID 0.
  ☆73Updated 6 months ago
• tyranid / windows-memory-access-traps
  A few examples of how to trap virtual memory access on Windows.
  ☆35Updated 10 months ago
• maziland / StackBombing
  Next gen process injection technique
  ☆54Updated 5 years ago
• jdu2600 / Etw-SyscallMonitor
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆85Updated 2 years ago
• Internet-2-0 / Malcore-x64dbg
  This x64dbg plugin allows you to upload your sample to Malcore and view the results.
  ☆36Updated 2 years ago
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆78Updated 4 months ago
• Slowerzs / KeyJumper
  ☆51Updated 7 months ago
• bluefrostsecurity / Windows-Drive-Remapping-EoP
  ☆34Updated last year
• badhive / alca
  Rule Engine for Dynamic Malware Analysis and Research
  ☆25Updated 6 months ago
• xalicex / Unhook-Import-Address-Table
  Piece of code to detect and remove hooks in IAT
  ☆65Updated 3 years ago
• alfarom256 / MCP-PoC
  Minifilter Callback Patching Proof-of-Concept
  ☆72Updated 3 years ago
• symeonp / Lenovo-CVE-2025-8061
  PoC for popping a system shell against the LnvMSRIO.sys driver
  ☆112Updated last month
• Dor00tkit / BamExtensionTableHook
  Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…
  ☆92Updated 4 months ago
• CaledoniaProject / drivers-binaries
  Exploitable drivers, you know what I mean
  ☆153Updated last month
• JanielDary / weetabix
  A C++ PoC implementation for enumerating Windows Fibers directly from memory
  ☆21Updated last year
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆117Updated last year
• ommadawn46 / HEVD-Exploit-Win10-22H2-KVAS
  HEVD Exploit: ArbitraryWrite on Windows 10 22H2 - Bypassing KVA Shadow and SMEP via PML4 Entry Manipulation
  ☆35Updated last year
• benheise / ANGRYORCHARD
  A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.
  ☆35Updated 3 years ago
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆115Updated 2 years ago
• zodiacon / Recon2023
  Recon 2023 slides and code
  ☆80Updated 2 years ago
• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆120Updated last year
• V-i-x-x / win11-kernel-execution-syscall-hijack
  Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)
  ☆48Updated 4 months ago
• XaFF-XaFF / Kernel-Process-Hollowing
  Windows x64 kernel mode rootkit process hollowing POC.
  ☆189Updated 2 years ago