Alternatives and similar repositories for ntkrnlProtectScan

Users that are interested in ntkrnlProtectScan are comparing it to the libraries listed below

• Crowdfense / CVE-2024-21338
  Windows AppLocker Driver (appid.sys) LPE
  ☆59Updated 10 months ago
• bluefrostsecurity / Windows-Drive-Remapping-EoP
  ☆31Updated last year
• lleon1435 / Kernel_VADInjector
  Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
  ☆50Updated last year
• 0xJs / EnumMitigations
  Reports on Driver, LSASS and other security services mitigations
  ☆16Updated last month
• C5Hackr / c_syscalls
  https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.
  ☆31Updated 11 months ago
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 3 years ago
• AlSch092 / HideStaticReferences
  Research into removing strings & API call references at compile-time (Anti-Analysis)
  ☆27Updated last year
• CyberSecurityUP / ProcessKiller-BYOVD
  BYOVD Technique Example using viragt64 driver
  ☆40Updated 10 months ago
• xct / CVE-2024-27460
  Plantronics Desktop Hub LPE
  ☆36Updated last year
• fin3ss3g0d / HookFinder
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆36Updated last year
• MMitsuha / Tajimari
  the Open Source and Pure C++ Packer for eXecutables
  ☆21Updated 2 years ago
• lem0nSec / Dsebler
  Reimplementation of the KExecDD DSE bypass technique.
  ☆46Updated 8 months ago
• TraiLeR2 / CVE-2023-36168
  An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component
  ☆11Updated last year
• Idov31 / NidhoggCSharpApi
  C# API for Nidhogg rootkit
  ☆17Updated last year
• UmaRex01 / HookSentry
  Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones.
  ☆28Updated last month
• pygrum / gimmick
  Section-based payload obfuscation technique for x64
  ☆59Updated 9 months ago
• hackerhouse-opensource / Gigabyte_ElevatePersist
  Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming an…
  ☆31Updated 2 years ago
• knight0x07 / NailaoLoader-Hiding-Execution-Flow
  NailaoLoader: Hiding Execution Flow via Patching
  ☆21Updated 3 months ago
• Slowerzs / CryptDecryptMemory
  ☆30Updated 6 months ago
• tykawaii98 / CVE-2024-21338_PoC
  ☆39Updated 11 months ago
• Kharos102 / ReadWriteDriverSample
  ☆21Updated last year
• Meowmycks / etwunhook
  Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.
  ☆47Updated last year
• Faran-17 / EarlyBird-APC-Injection
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆32Updated last year
• Teach2Breach / snapinject_rs
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆49Updated 4 months ago
• Allevon412 / ReflectiveDLLInjector
  This program is used to perform reflective DLL Injection to a remote process specified by the user.
  ☆65Updated last year
• Offensive-Panda / .NET_PROFILER_DLL_LOADING
  .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…
  ☆42Updated 10 months ago
• matterpreter / cpuid
  A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
  ☆26Updated last year
• nothingspecialforu / EvtPsst
  EvtPsst
  ☆53Updated last year
• alfarom256 / HPHardwareDiagnostics-PoC
  PoC exploit for HP Hardware Diagnostic's EtdSupp driver
  ☆50Updated 2 years ago
• b4rth0v5k1 / EarlyBirdNTDLL
  ☆36Updated 2 years ago