Alternatives and similar repositories for ntoskrnlwalker

Users that are interested in ntoskrnlwalker are comparing it to the libraries listed below

• jonomango / superfetch
  Translate virtual addresses to physical addresses from usermode.
  ☆101Updated last year
• LabGuy94 / CopyMyWrite
  Abusing DDMA alongside Copy On Write for Cross Process Code Execution for a 3000$ Bug Bounty
  ☆85Updated last week
• Xacone / Eneio64-Driver-Exploits
  A serie of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W
  ☆116Updated 3 months ago
• zer0condition / BusterCall
  "Bypassing" HVCI via donor PFN swaps to modify read-only code pages. Call chained kernel functions (kCET and SLAT support), modify read-o…
  ☆47Updated 3 weeks ago
• keowu / Ryujin
  Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool
  ☆300Updated 2 months ago
• CheckPointSW / VectoredOverloading
  ☆115Updated 2 months ago
• 4l3x777 / dse_pg_bypass
  DSE & PG bypass via BYOVD attack
  ☆77Updated 7 months ago
• brew02 / BudgetEPT
  Create stealthy, inline, EPT-like hooks using SMAP and SMEP
  ☆60Updated last year
• dnz-c / VulnDriverFinder
  browse microsoft driver server for potentially vulnerable drivers
  ☆30Updated last year
• eversinc33 / unKover
  Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code.
  ☆293Updated 2 months ago
• wesmar / KernelResearchKit
  Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by s…
  ☆75Updated last month
• 0mWindyBug / DataptrHooks
  ntoskrnl .data hooks for UM-KM communication
  ☆53Updated last year
• zer0condition / Demystifying-PatchGuard
  Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…
  ☆133Updated 2 years ago
• waryas / WaryasSWHE
  Usermode exploit to bypass any AC using a 0day shatter attack.
  ☆253Updated 2 months ago
• 0xflux / Hells-Hollow
  Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls
  ☆214Updated 5 months ago
• paskalian / WID_LoadLibrary
  Reverse engineering winapi function loadlibrary.
  ☆232Updated 2 years ago
• 0xPrimo / KMDllInjector
  kernel-mode DLL Injector
  ☆125Updated 9 months ago
• SamuelTulach / HookGuard
  Hooking Windows' exception dispatcher to protect process's PML4
  ☆225Updated last year
• AmitMoshel1 / PatchGuardEncryptorDriver
  A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.
  ☆78Updated 10 months ago
• jdu2600 / EtwTi-FluctuationMonitor
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆166Updated 2 years ago
• wesmar / kvc
  KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulatio…
  ☆160Updated 2 weeks ago
• paskalian / RetSpoofer
  Spoof the return address of any function call.
  ☆11Updated last year
• 0x1c1101 / zombie_asm
  C++ Assembler with Built-in Mutation Engine
  ☆30Updated 5 months ago
• li4321 / GhostInjector
  ☆46Updated last year
• zer0condition / ZeroThreadKernel
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆159Updated 2 years ago
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆120Updated 3 years ago
• susMdT / LoudSunRun
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆253Updated last year
• GetRektBoy724 / warbird-research
  Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)
  ☆92Updated 3 months ago
• TheMalwareGuardian / Benthic
  Windows Kernel Rootkit
  ☆58Updated 2 months ago
• x64dbg / lz4
  ☆14Updated last year