Alternatives and similar repositories for Privilege-Escalation:

Users that are interested in Privilege-Escalation are comparing it to the libraries listed below

• Nuxar1 / ImportsHook
  Written in a couple hours, don't judge :)
  ☆14Updated last year
• boom-cr3 / NotifyRoutineHijackThread
  Hijack NotifyRoutine for a kernelmode thread
  ☆41Updated 2 years ago
• WolfyZ99 / Kernel-RPM-WPM-with-Driver-Destroyer
  ☆11Updated 5 years ago
• 1401199262 / UnsuccessfulDriver
  ☆16Updated 2 years ago
• byte2mov / anti-breakpoint
  anti breakpoint using job objects in a simple way.
  ☆12Updated 11 months ago
• Anal-Repair / gigabyte_gdrv3_exploit
  Rust program for interfacing with the gigabyte driver to gain access to powerful primitives such as arbitrary kernel memcpy.
  ☆17Updated 2 years ago
• opcode86 / SysCaller
  Single header library to simplify the usage of direct syscalls. x64/x86
  ☆11Updated 2 years ago
• ZwCreateFile / RWXAbusing
  RWX Section Abusing
  ☆17Updated last year
• Cesusius / FakeDriver
  Execute anything in a legit memory region by attacking a windows driver
  ☆19Updated last year
• user23333 / HyperVisorInjector
  Secure Hyper-Visor Injector for Easy Anti Cheat, Battleye | that supports amd + intel | Undetected + Active updates
  ☆18Updated 2 years ago
• kkent030315 / CiGetCertPublisherName
  An example code of CiGetCertPublisherName
  ☆14Updated 2 years ago
• muturikaranja / kernel-windowless-wndproc-hook
  hooks gServerHandlers xxxEventWndProc
  ☆12Updated 2 years ago
• illegal-instruction-co / ThreadIn
  Freeze target threads (external - internal ) by avoiding SuspendThread detections. Or access registers from start address.
  ☆31Updated 11 months ago
• kuh4it / pipedriver
  Communicate from ring-0 to ring-3 using NamedPipes.
  ☆10Updated 2 years ago
• zer0condition / CritBSOD
  Abusing RtlAdjustPrivilege and NtSetInformationProcess to cause a BSOD from usermode
  ☆17Updated 2 years ago
• Xyrem / Arbitrary-Physical-Memory-RW
  ☆39Updated 2 years ago
• serbx / KernelVtableFunctionHook
  ☆18Updated 2 years ago
• ByteWhite1x1 / PatchGuardResearch
  Bypassing kernel patch protection runtime
  ☆19Updated 2 years ago
• helloobaby / Nmi-Callback
  detect hypervisor with Nmi Callback
  ☆34Updated 2 years ago
• alfarom256 / UserVAtoPhysical
  Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address
  ☆24Updated 3 years ago
• Rycooop / Callback-Registration
  Register a callback from a Manually mapped kernel module
  ☆15Updated 3 years ago
• Nou4r / PresentInjector
  A simple present scene, kernel allocation injector.
  ☆24Updated 2 years ago
• 1401199262 / InstrumentationCallback
  ☆27Updated 2 years ago
• ioncodes / rapid-kdbg-hyperv
  ☆15Updated 2 years ago
• helloobaby / HyperTool
  Intel learning hypervisor and some extend function
  ☆22Updated 2 months ago
• stuxnet147 / Win-ZeroTimer
  simple zero-dependency timer implementation
  ☆11Updated last year
• i32-Sudo / SilentFunctionCaller
  Allows for same-file KernelMode function execution using Encrypted addresses of Functions
  ☆30Updated 4 months ago
• backengineering / vmhook
  A demonstration of hooking into the VMProtect-2 virtual machine
  ☆17Updated last year