Alternatives and similar repositories for UACBuddy

Users that are interested in UACBuddy are comparing it to the libraries listed below

• EvilBytecode / SsnRetrieval
  Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…
  ☆12Updated 2 months ago
• EvilBytecode / Evilbytecode-Gate
  Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…
  ☆21Updated 2 months ago
• 0xPrimo / Ntdll-Unhooking
  Ntdll Unhooking
  ☆12Updated 2 months ago
• rbmm / RtlClone
  ☆40Updated 4 months ago
• Fadi002 / MalwareInvestigation
  reverse engineering random malwares
  ☆23Updated 4 months ago
• EvilBytecode / Eset-Unload
  Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …
  ☆10Updated 2 months ago
• NUL0x4C / T.D.P.
  Using Thread Description To Hide Shellcodes
  ☆14Updated 2 years ago
• shaddy43 / AES_Shellcode_Encryptor
  This repository contains a tool that can encrypt all type of files and give the encrypted output in the form of an encrypted shellcode. P…
  ☆15Updated 3 years ago
• EvilBytecode / Evilbytecode-Anti-VM
  Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.
  ☆21Updated 2 months ago
• cocomelonc / 2022-01-24-malware-injection-15
  Process injection via KernelCallbackTable
  ☆14Updated 3 years ago
• qwqdanchun / RainbowSheep
  Change hash for a signed pe
  ☆16Updated last year
• EvilBytecode / Powershell-Persistance
  Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…
  ☆9Updated 2 months ago
• rbmm / PPL
  run process as PPL Antimalware
  ☆10Updated last year
• knight0x07 / NailaoLoader-Hiding-Execution-Flow
  NailaoLoader: Hiding Execution Flow via Patching
  ☆21Updated 3 months ago
• C5Hackr / c_syscalls
  https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.
  ☆31Updated last year
• hackforyourentertainment / Misery
  Misery Loader to bypass modern EDR solutions
  ☆11Updated 6 months ago
• paranoidninja / DotNetTracer
  C code to enable ETW tracing for Dotnet Assemblies
  ☆31Updated 2 years ago
• bot984397 / eepy
  ☆31Updated 2 months ago
• redskal / obfuscatxor
  Near compile-time string obfuscation for Golang
  ☆13Updated last year
• keowu / InstrumentationCallbackToolKit
  A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…
  ☆31Updated last year
• Cracked5pider / unguard-eat
  havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets
  ☆30Updated 10 months ago
• AlSch092 / HideStaticReferences
  Research into removing strings & API call references at compile-time (Anti-Analysis)
  ☆27Updated last year
• RobinFassinaMoschiniForks / bootdoor
  Former UEFI Firmware Rootkit Replicating MoonBounce / ESPECTRE
  ☆10Updated 3 years ago
• r0keb / MunIntel
  kASLR bypass technique on Intel CPUs.
  ☆14Updated last month
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 3 years ago
• Fadi002 / BlankOBF-deobfuscator
  Deobfuscator for : https://github.com/Blank-c/BlankOBF
  ☆14Updated last year
• klezVirus / DCKFinder
  Dangling COM Keys Finder
  ☆17Updated 3 years ago
• timwhitez / Doge-Obf
  golang String Obfuscate
  ☆9Updated 3 years ago
• arsium / BypassGetModuleBaseAddressAndGetExportAddress
  A proof of concept of real custom GetProcAddress and GetModuleBaseAddress
  ☆20Updated 2 years ago
• Jasper1467 / WindowsDefender_Rebuild
  An attempt at reversing WindowsDefender
  ☆20Updated 8 months ago