simple user-mode Rootkit
☆108Oct 24, 2022Updated 3 years ago
Alternatives and similar repositories for URootkit
Users that are interested in URootkit are comparing it to the libraries listed below
Sorting:
- Simple API Hooks detector☆77Aug 22, 2022Updated 3 years ago
- Simple x86 Trampoline Hook☆44Aug 3, 2022Updated 3 years ago
- Bypass Malware Sandbox Evasion Ram check☆141Jan 3, 2023Updated 3 years ago
- Bypass Malware Time Delays☆107Sep 23, 2022Updated 3 years ago
- Now You See Me, Now You Don't☆1,024Jan 23, 2026Updated last month
- APT38 Tactic PoC for Stealing 0days from security researchers☆323May 30, 2025Updated 8 months ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆82May 23, 2023Updated 2 years ago
- Detours implementation (x64/x86) which used only ntdll import☆90Oct 14, 2025Updated 4 months ago
- This is just a x64dbg script system support.☆48Jul 6, 2022Updated 3 years ago
- Exports monitoring plugin for x64dbg☆22Mar 14, 2023Updated 2 years ago
- Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…☆173Apr 27, 2023Updated 2 years ago
- Multiplayer snake game written at a single weekend☆13Jul 10, 2019Updated 6 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆268Aug 31, 2022Updated 3 years ago
- Plugin for x64dbg to disable parallel loading of dependencies☆19Sep 3, 2022Updated 3 years ago
- A Windows API hooking library !☆31Aug 29, 2022Updated 3 years ago
- Kernel Mode Driver for Elevating Process Privileges☆132Mar 23, 2023Updated 2 years ago
- .lib file for linking against the NT CRT☆18Mar 18, 2022Updated 3 years ago
- simple shellcode injector☆118Aug 4, 2022Updated 3 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆249Jul 9, 2024Updated last year
- miscellaneous scripts and programs☆277Jan 23, 2025Updated last year
- Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.☆934Mar 29, 2022Updated 3 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆209Nov 12, 2025Updated 3 months ago
- Trolling Keyloggers by Forcing them to log Specific Text then freezing them☆22Jul 30, 2022Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆92Mar 23, 2023Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- x64dbg python3 plugin☆32Jan 4, 2026Updated last month
- Windows x64 kernel mode rootkit process hollowing POC.☆189Jun 30, 2023Updated 2 years ago
- Yet, Another Packer/Loader☆25Feb 26, 2023Updated 3 years ago
- A really good cybersec reading materials.☆13Aug 13, 2022Updated 3 years ago
- A way to detect DBI frameworks, Debuggers and VMs.☆24Nov 17, 2020Updated 5 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- Lifetime AMSI bypass☆671Sep 26, 2023Updated 2 years ago
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.☆674Nov 9, 2023Updated 2 years ago
- A C++14/17 header-only Windows memory editing library with a focus on type safety and modern C++ style.☆13Jun 3, 2019Updated 6 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆242Sep 26, 2023Updated 2 years ago
- PoC MSVC COFF Object file loader/injector.☆185Mar 19, 2021Updated 4 years ago