Alternatives and similar repositories for volundr

Users that are interested in volundr are comparing it to the libraries listed below

• ksen-lin / nitara2
  yet another hidden LKM hunter
  ☆29Updated last month
• MatheuZSecurity / UnhookingLinuxEdr
  Attacking the cleanup_module function of a kernel module
  ☆48Updated 3 months ago
• ulexec / SHELF-Loading
  Evasive ELF Static PIE User-Land-Exec featured in Tmpout Vol 1.
  ☆28Updated 4 years ago
• h3xduck / Umbra
  A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…
  ☆130Updated 4 years ago
• mav8557 / virus
  Polymorphic ELF Virus
  ☆17Updated 3 years ago
• hasherezade / pesieve-go
  Golang bindings for PE-sieve
  ☆42Updated last year
• kyleavery / pendulum
  Linux Sleep Obfuscation
  ☆106Updated last year
• milabs / kopycat
  Linux Kernel module-less implant (backdoor)
  ☆74Updated 4 years ago
• pygrum / monarch
  Monarch - The Adversary Emulation Toolkit
  ☆63Updated 9 months ago
• ic3qu33n / michelangelo-reanimator
  Michelangelo REanimator bootkit and REcon 2023 talk slides/materials
  ☆30Updated last year
• redcode-labs / Solaris
  A local LKM rootkit loader/dropper that lists available security mechanisms
  ☆52Updated 4 years ago
• iDigitalFlame / XrMT
  e(X)tensiable (Rust) Malware Toolkit: (Soon!) Full Featured Rust C2 Framework with Awesome Features!
  ☆25Updated last year
• MythicMeta / MythicContainer
  GoLang package for creating Mythic Payload Types, C2 Profiles, Translation Services, WebHook listeners, and Loggers
  ☆20Updated 2 weeks ago
• frank2 / blenny
  A payload delivery system which embeds payloads in an executable's icon file!
  ☆74Updated last year
• rhotav / PT_LOAD-Injector
  An injector that use PT_LOAD technique
  ☆12Updated 2 years ago
• EgeBalci / syscall_api
  ☆37Updated 2 years ago
• FFRI / ShadeBIOS
  PoC code of Shade BIOS (stripped) presented at Black Hat USA 2025
  ☆58Updated 3 months ago
• bluedragonsecurity / bds_lkm_ftrace
  Ftrace Based Linux Loadable Kernel Module Rootkit for Linux Kernel 5.x and 6.x on x86_64, hides files, hides process, hides bind shell & …
  ☆27Updated 2 years ago
• therealdreg / dregate
  call gates as stable comunication channel for NT x86 and Linux x86_64
  ☆32Updated 2 years ago
• NUL0x4C / GP
  using the gpu to hide your payload
  ☆62Updated 3 years ago
• cyberark / malware-research
  ☆37Updated 7 months ago
• BitsByWill / ksmbd-n-day
  Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130
  ☆48Updated last month
• farfella / in-memory-cpython
  An In-memory Embedding of CPython
  ☆30Updated 4 years ago
• knight0x07 / WinRAR-Code-Execution-Vulnerability-CVE-2023-38831
  Understanding WinRAR Code Execution Vulnerability (CVE-2023-38831)
  ☆40Updated 2 years ago
• Teach2Breach / Red_Team_Rust
  Collection of Rust repos useful for Red Teamers.
  ☆34Updated 3 years ago
• dis0rder0x00 / CanYouCTheThief
  A C implementation of the Sektor7 "A Thief" Windows privesc technique.
  ☆67Updated 3 years ago
• epi052 / rustdsplit
  At some point, I learned about a method to perform a binary search on a file in order to identify its AV signature and change it to bypas…
  ☆35Updated 5 years ago
• qtc-de / rpv-web
  rpv-web is a browser based frontend for the rpv library
  ☆25Updated 5 months ago
• zimnyaa / beepsyscall
  An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.
  ☆15Updated last year
• arget13 / memdlopen
  dlopen() filelessly a shared object or even a program (and run it).
  ☆56Updated 2 years ago