ZeroMemoryEx/URootkit external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ZeroMemoryEx/URootkit

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ZeroMemoryEx/URootkit)

Close

ZeroMemoryEx / URootkitView on GitHubMore

• External links
• Readme badge

simple user-mode Rootkit

☆109Oct 24, 2022Updated 3 years ago

Alternatives and similar repositories for URootkit

Users that are interested in URootkit are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• ZeroMemoryEx / Hooks_Hunter

  View on GitHub
  Simple API Hooks detector
  ☆77Aug 22, 2022Updated 3 years ago
• ZeroMemoryEx / Bypass-Sandbox-Evasion

  View on GitHub
  Bypass Malware Sandbox Evasion Ram check
  ☆139Jan 3, 2023Updated 3 years ago
• ZeroMemoryEx / SleepKiller

  View on GitHub
  Bypass Malware Time Delays
  ☆105Sep 23, 2022Updated 3 years ago
• ZeroMemoryEx / TrampHook

  View on GitHub
  Simple x86 Trampoline Hook
  ☆44Aug 3, 2022Updated 3 years ago
• ZeroMemoryEx / Chaos-Rootkit

  View on GitHub
  Now You See Me, Now You Don't
  ☆1,043Jan 23, 2026Updated 3 months ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• ZeroMemoryEx / APT38-0day-Stealer

  View on GitHub
  APT38 Tactic PoC for Stealing 0days from security researchers
  ☆333May 30, 2025Updated 10 months ago
• ZeroMemoryEx / Overlord

  View on GitHub
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆83May 23, 2023Updated 2 years ago
• j4k0m / really-good-cybersec

  View on GitHub
  A really good cybersec reading materials.
  ☆13Aug 13, 2022Updated 3 years ago
• SaadAhla / BlockOpenHandle

  View on GitHub
  Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…
  ☆174Apr 27, 2023Updated 3 years ago
• rbmm / NtDetours

  View on GitHub
  Detours implementation (x64/x86) which used only ntdll import
  ☆93Oct 14, 2025Updated 6 months ago
• therealdreg / cgaty

  View on GitHub
  Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)
  ☆73Aug 11, 2023Updated 2 years ago
• Ahmadmansoor / x64dbgScript

  View on GitHub
  This is just a x64dbg script system support.
  ☆48Jul 6, 2022Updated 3 years ago
• ZeroMemoryEx / Shellcode-Injector

  View on GitHub
  simple shellcode injector
  ☆118Aug 4, 2022Updated 3 years ago
• namazso / msvcrt.lib

  View on GitHub
  .lib file for linking against the NT CRT
  ☆19Mar 18, 2022Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• XShar / Win_API_Obfuscation

  View on GitHub
  Скрытие Win API
  ☆26Aug 14, 2019Updated 6 years ago
• KiFilterFiberContext / warbird-hook

  View on GitHub
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆267Aug 31, 2022Updated 3 years ago
• XaFF-XaFF / Cronos-Rootkit

  View on GitHub
  Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
  ☆945Mar 29, 2022Updated 4 years ago
• XaFF-XaFF / Kernel-Process-Hollowing

  View on GitHub
  Windows x64 kernel mode rootkit process hollowing POC.
  ☆191Jun 30, 2023Updated 2 years ago
• rad9800 / VehApiResolve

  View on GitHub
  ☆119Aug 7, 2022Updated 3 years ago
• h311d1n3r / LetsHook

  View on GitHub
  A Windows API hooking library !
  ☆32Aug 29, 2022Updated 3 years ago
• ZehMatt / SnakeRoyal

  View on GitHub
  Multiplayer snake game written at a single weekend
  ☆13Jul 10, 2019Updated 6 years ago
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆140Sep 12, 2022Updated 3 years ago
• ZeroMemoryEx / Tokenizer

  View on GitHub
  Kernel Mode Driver for Elevating Process Privileges
  ☆132Mar 23, 2023Updated 3 years ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• mrexodia / DisableParallelLoader

  View on GitHub
  Plugin for x64dbg to disable parallel loading of dependencies
  ☆19Sep 3, 2022Updated 3 years ago
• LloydLabs / shellcode-plain-sight

  View on GitHub
  Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
  ☆211Nov 12, 2025Updated 5 months ago
• armvirus / hook-scanner

  View on GitHub
  Scans all modules in target process for jmp/int3 hooks dissassembles then and follows jmps to destination.
  ☆80Nov 5, 2023Updated 2 years ago
• ZeroMemoryEx / KlTroll

  View on GitHub
  Trolling Keyloggers by Forcing them to log Specific Text then freezing them
  ☆22Jul 30, 2022Updated 3 years ago
• XaFF-XaFF / ZwProcessHollowing

  View on GitHub
  ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption
  ☆93Mar 23, 2023Updated 3 years ago
• txsniper / Rootkit-Arsenal

  View on GitHub
  Rootkit Arsenal 2nd Source Code
  ☆15Aug 6, 2013Updated 12 years ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆623Sep 26, 2023Updated 2 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆251Jul 9, 2024Updated last year
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆281Jan 23, 2025Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• ZeroMemoryEx / Amsi-Killer

  View on GitHub
  Lifetime AMSI bypass
  ☆674Sep 26, 2023Updated 2 years ago
• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆973Jul 21, 2023Updated 2 years ago
• stdhu / windows-kernel-pagehook

  View on GitHub
  windows kernel pagehook
  ☆42Oct 30, 2022Updated 3 years ago
• alal4465 / HeavensGateHook

  View on GitHub
  Hooking Heavens Gate in a weekend
  ☆13Jan 1, 2022Updated 4 years ago
• XaFF-XaFF / MBR-Overwrite-with-custom-message

  View on GitHub
  Overwrite MBR and add own custom message
  ☆16Apr 1, 2020Updated 6 years ago
• bytecode77 / enter-product-key-privilege-escalation

  View on GitHub
  Enter Product Key Volatile Environment LPE
  ☆13Jun 28, 2025Updated 10 months ago
• loneicewolf / smbdoor

  View on GitHub
  improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys
  ☆49Mar 10, 2023Updated 3 years ago