Alternatives and similar repositories for KExecDD

Users that are interested in KExecDD are comparing it to the libraries listed below

• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆315Updated last year
• rad9800 / hwbp4mw
  ☆265Updated 2 years ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆257Updated 2 years ago
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆282Updated 6 months ago
• XaFF-XaFF / Kernel-Process-Hollowing
  Windows x64 kernel mode rootkit process hollowing POC.
  ☆188Updated 2 years ago
• GetRektBoy724 / DCMB
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆237Updated last year
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆352Updated last year
• paskalian / WID_LoadLibrary
  Reverse engineering winapi function loadlibrary.
  ☆220Updated 2 years ago
• susMdT / LoudSunRun
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆244Updated last year
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆234Updated 11 months ago
• CognisysGroup / SweetDreams
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆216Updated 2 years ago
• 0xflux / Hells-Hollow
  Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls
  ☆188Updated last month
• Idov31 / Jormungandr
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆239Updated 2 years ago
• Kudaes / Eclipse
  Activation Context Hijack
  ☆170Updated 2 months ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆117Updated last year
• capt-meelo / KernelCallbackTable-Injection
  Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
  ☆135Updated 3 years ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆210Updated 9 months ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆162Updated 10 months ago
• xalicex / Killers
  Exploitation of process killer drivers
  ☆200Updated 2 years ago
• alfarom256 / CVE-2022-3699
  Lenovo Diagnostics Driver EoP - Arbitrary R/W
  ☆173Updated 2 years ago
• 0xPrimo / KMDllInjector
  kernel-mode DLL Injector
  ☆113Updated 6 months ago
• alfarom256 / MCP-PoC
  Minifilter Callback Patching Proof-of-Concept
  ☆73Updated 2 years ago
• rad9800 / misc
  miscellaneous scripts and programs
  ☆258Updated 9 months ago
• Friends-Security / RedirectThread
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆192Updated 4 months ago
• rad9800 / WTSRM
  WTSRM
  ☆215Updated 3 years ago
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆115Updated 2 years ago
• jdu2600 / EtwTi-FluctuationMonitor
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆147Updated 2 years ago
• MzHmO / SymProcAddress
  Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
  ☆144Updated last year
• T3nb3w / ComDotNetExploit
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆324Updated 7 months ago
• CaledoniaProject / drivers-binaries
  Exploitable drivers, you know what I mean
  ☆153Updated 3 weeks ago