Alternatives and similar repositories for CreateFile_based_rootkit

Users that are interested in CreateFile_based_rootkit are comparing it to the libraries listed below

• t3rabyt3-zz / Gozi
  Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.
  ☆72Updated 7 years ago
• hlldz / APC-PPID
  Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.
  ☆158Updated 6 years ago
• Signal-Labs / NtdllUnpatcher
  Example code for EDR bypassing
  ☆151Updated 6 years ago
• ars3n11 / MineSweeper
  Windows user-land hooks manipulation tool.
  ☆146Updated 4 years ago
• amitwaisel / Malproxy
  Proxy system calls over an RPC channel
  ☆99Updated 3 years ago
• JLospinoso / cpp-implant
  A simple implant showcasing modern C++
  ☆108Updated 5 years ago
• reevesrs24 / EvasiveProcessHollowing
  Evasive Process Hollowing Techniques
  ☆142Updated 5 years ago
• Maff1t / WindowsPermsPoC
  A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows
  ☆52Updated 4 years ago
• sailay1996 / magnifier0day
  Windows 10 Privilege Escalation (magnifier.exe) via Dll Search Order Hijacking
  ☆142Updated 5 years ago
• hasherezade / persistence_demos
  Demos of various (also non standard) persistence methods used by malware
  ☆224Updated 2 years ago
• uf0o / rootkit-arsenal-guacamole
  An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples
  ☆74Updated 3 years ago
• LloydLabs / Windows-API-Hashing
  This is a simple example and explanation of obfuscating API resolution via hashing
  ☆237Updated 5 years ago
• WithSecureLabs / ModuleStomping
  https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
  ☆126Updated 6 years ago
• thesecretclub / ArbitraryDirectoryDeletion
  From directory deletion to SYSTEM shell
  ☆111Updated 5 years ago
• praetorian-inc / vulcan
  a tool to make it easy and fast to test various forms of injection
  ☆173Updated 6 years ago
• ioncodes / CVE-2020-16938
  Bypassing NTFS permissions to read any files as unprivileged user.
  ☆190Updated 5 years ago
• NtRaiseHardError / NINA
  NINA: No Injection, No Allocation x64 Process Injection Technique
  ☆227Updated 5 years ago
• am0nsec / wspe
  Windows System Programming Experiments
  ☆223Updated 3 years ago
• CptGibbon / Windows-Process-Injection
  Some simple process injection techniques targeting the Windows platform
  ☆31Updated 5 years ago
• mdsecactivebreach / firewalker
  ☆155Updated 5 years ago
• frkngksl / Celeborn
  Userland API Unhooker Project
  ☆110Updated 4 years ago
• FSecureLABS / Ninjasploit
  A meterpreter extension for applying hooks to avoid windows defender memory scans
  ☆249Updated 5 years ago
• boku7 / HellsGatePPID
  Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
  ☆107Updated 2 years ago
• med0x2e / NoAmci
  Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
  ☆218Updated 5 years ago
• josh0xA / threadfire
  PoC Thread Execution Hijacking for Win32 Code Injection
  ☆178Updated last year
• FuzzySecurity / Driver-Template
  Bare template for a Kernel Mode Driver
  ☆51Updated 5 years ago
• Malwation / sentello
  Sentello is python script that simulates the anti-evasion and anti-analysis techniques used by malware.
  ☆75Updated 4 years ago
• djhohnstein / ProcessReimaging
  Process reimaging proof of concept code
  ☆97Updated 6 years ago
• EgeBalci / WSAAcceptBackdoor
  Winsock accept() Backdoor Implant.
  ☆118Updated 4 years ago
• boku7 / winx64-InjectAllProcessesMeterpreter-Shellcode
  64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
  ☆133Updated 2 years ago