Z4kSec/IoctlHunter external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Z4kSec/IoctlHunter

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Z4kSec/IoctlHunter)

Close

Z4kSec / IoctlHunterView on GitHubMore

• External links
• Readme badge

IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.

☆109Jan 17, 2024Updated 2 years ago

Alternatives and similar repositories for IoctlHunter

Users that are interested in IoctlHunter are comparing it to the libraries listed below

• blackarrowsec / Handly

  View on GitHub
  Abuse leaked token handles.
  ☆136Dec 14, 2023Updated 2 years ago
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆411Jan 11, 2026Updated last month
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆614Jan 2, 2025Updated last year
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆101Oct 7, 2023Updated 2 years ago
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated last year
• mandiant / msi-search

  View on GitHub
  ☆291Jul 20, 2023Updated 2 years ago
• susMdT / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆52Dec 4, 2023Updated 2 years ago
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆212Dec 14, 2023Updated 2 years ago
• whokilleddb / ETWListicle

  View on GitHub
  List the ETW provider(s) in the registration table of a process.
  ☆80Sep 20, 2023Updated 2 years ago
• Mr-Un1k0d3r / Cookie-and-Handle-Stealer

  View on GitHub
  C or BOF file to extract WebKit master key to decrypt user cookie
  ☆207Apr 29, 2024Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆435Dec 21, 2023Updated 2 years ago
• lem0nSec / Dsebler

  View on GitHub
  Reimplementation of the KExecDD DSE bypass technique.
  ☆59Sep 7, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• nbaertsch / nimHeapEnc

  View on GitHub
  Heap encryption in Nim
  ☆20Aug 25, 2024Updated last year
• scrt / KexecDDPlus

  View on GitHub
  Exploiting the KsecDD Windows driver through Server Silos
  ☆77Nov 11, 2024Updated last year
• BlackSnufkin / NovaLdr

  View on GitHub
  Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
  ☆262Jun 29, 2024Updated last year
• Mr-Un1k0d3r / MsGraphFunzy

  View on GitHub
  Scripts to interact with Microsoft Graph APIs
  ☆44Nov 7, 2024Updated last year
• 0xTriboulet / T-70

  View on GitHub
  A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system
  ☆43Oct 30, 2024Updated last year
• dinosn / citrix_cve-2023-4966

  View on GitHub
  Citrix CVE-2023-4966 from assetnote modified for parallel and file handling
  ☆11Oct 25, 2023Updated 2 years ago
• ibaiC / FriendlyFireBOF

  View on GitHub
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆57Apr 14, 2025Updated 10 months ago
• MythicAgents / Hannibal

  View on GitHub
  A Mythic Agent written in PIC C.
  ☆206Feb 4, 2025Updated last year
• EvanMcBroom / lsa-whisperer

  View on GitHub
  Tools for interacting with authentication packages using their individual message protocols
  ☆409Mar 1, 2026Updated last week
• farfella / in-memory-cpython

  View on GitHub
  An In-memory Embedding of CPython
  ☆31May 24, 2021Updated 4 years ago
• nickzer0 / RagingRotator

  View on GitHub
  A tool for carrying out brute force attacks against Office 365, with built in IP rotation use AWS gateways.
  ☆80Jun 6, 2024Updated last year
• nettitude / Tartarus-TpAllocInject

  View on GitHub
  ☆210Nov 28, 2023Updated 2 years ago
• LuemmelSec / APEX

  View on GitHub
  Azure Post Exploitation Framework
  ☆244Oct 27, 2025Updated 4 months ago
• CICADA8-Research / COMThanasia

  View on GitHub
  A set of programs for analyzing common vulnerabilities in COM
  ☆249Sep 8, 2024Updated last year
• decoder-it / ADCSCoercePotato

  View on GitHub
  ☆242May 5, 2024Updated last year
• icyguider / UAC-BOF-Bonanza

  View on GitHub
  Collection of UAC Bypass Techniques Weaponized as BOFs
  ☆609Feb 21, 2024Updated 2 years ago
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• DriverHunter / Win-Driver-EXP

  View on GitHub
  This repo contains EXPs about Vulnerable Windows Driver
  ☆47May 22, 2024Updated last year
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆215Oct 19, 2024Updated last year
• hackerhouse-opensource / Artillery

  View on GitHub
  CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…
  ☆183Feb 2, 2026Updated last month
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆286Jun 18, 2025Updated 8 months ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆284Feb 8, 2025Updated last year
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆541Feb 13, 2024Updated 2 years ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆382Dec 13, 2024Updated last year
• hasherezade / waiting_thread_hijacking

  View on GitHub
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆264Aug 31, 2025Updated 6 months ago
• nbaertsch / AutoAppDomainHijack

  View on GitHub
  Automated .NET AppDomain hijack payload generation
  ☆129Feb 4, 2025Updated last year