Alternatives and similar repositories for CreateFile_based_rootkit

Users that are interested in CreateFile_based_rootkit are comparing it to the libraries listed below

• reevesrs24 / EvasiveProcessHollowing
  Evasive Process Hollowing Techniques
  ☆139Updated 4 years ago
• NtRaiseHardError / NINA
  NINA: No Injection, No Allocation x64 Process Injection Technique
  ☆225Updated 4 years ago
• hasherezade / masm_shc
  A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
  ☆178Updated last month
• forrest-orr / phantom-dll-hollower-poc
  Phantom DLL hollowing PoC
  ☆361Updated 3 years ago
• manyfacedllama / amsi-tracer
  Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …
  ☆108Updated 4 years ago
• FSecureLABS / Ninjasploit
  A meterpreter extension for applying hooks to avoid windows defender memory scans
  ☆246Updated 4 years ago
• antonioCoco / Mapping-Injection
  Just another Windows Process Injection
  ☆399Updated 4 years ago
• RedSection / OffensivePH
  OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
  ☆333Updated 3 years ago
• Signal-Labs / NtdllUnpatcher
  Example code for EDR bypassing
  ☆150Updated 6 years ago
• CCob / SylantStrike
  Simple EDR implementation to demonstrate bypass
  ☆173Updated 5 years ago
• am0nsec / vx
  Virus Exchange (VX) - Collection of malware or assembly code used for "offensive" purposed.
  ☆180Updated 3 years ago
• ioncodes / CVE-2020-16938
  Bypassing NTFS permissions to read any files as unprivileged user.
  ☆188Updated 4 years ago
• connormcgarr / Kernel-Exploits
  Kernel Exploits
  ☆253Updated 3 years ago
• passthehashbrowns / hiding-your-syscalls
  Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…
  ☆214Updated 2 years ago
• JLospinoso / cpp-implant
  A simple implant showcasing modern C++
  ☆106Updated 4 years ago
• bats3c / EvtMute
  Apply a filter to the events being reported by windows event logging
  ☆261Updated 4 years ago
• CylanceVulnResearch / ReflectiveDLLRefresher
  Universal Unhooking
  ☆321Updated 6 years ago
• phra / x0rro
  A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2
  ☆139Updated 2 years ago
• med0x2e / NoAmci
  Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
  ☆217Updated 5 years ago
• hasherezade / persistence_demos
  Demos of various (also non standard) persistence methods used by malware
  ☆221Updated 2 years ago
• am0nsec / SharpHellsGate
  C# Implementation of the Hell's Gate VX Technique
  ☆214Updated 4 years ago
• hasherezade / module_overloading
  A more stealthy variant of "DLL hollowing"
  ☆347Updated last year
• hasherezade / antianalysis_demos
  Set of antianalysis techniques found in malware
  ☆132Updated last year
• Mr-Un1k0d3r / Shellcoding
  Shellcoding utilities
  ☆222Updated 4 years ago
• SolomonSklash / SleepyCrypt
  A shellcode function to encrypt a running process image when sleeping.
  ☆339Updated 3 years ago
• mdsecactivebreach / firewalker
  ☆151Updated 4 years ago
• hlldz / APC-PPID
  Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.
  ☆158Updated 5 years ago
• 0xpat / COFFInjector
  PoC MSVC COFF Object file loader/injector.
  ☆177Updated 4 years ago
• Barakat / CVE-2019-16098
  Local privilege escalation PoC exploit for CVE-2019-16098
  ☆193Updated 5 years ago
• shogunlab / building-c2-implants-in-cpp
  The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab).
  ☆229Updated 5 months ago