ldpreload/BlackLotus external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ldpreload/BlackLotus

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ldpreload/BlackLotus)

Close

ldpreload / BlackLotusView on GitHubMore

• External links
• Readme badge

BlackLotus UEFI Windows Bootkit

☆2,188Mar 28, 2024Updated last year

Alternatives and similar repositories for BlackLotus

Users that are interested in BlackLotus are comparing it to the libraries listed below

• memN0ps / redlotus-rs

  View on GitHub
  Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)
  ☆564Sep 12, 2023Updated 2 years ago
• weak1337 / Alcatraz

  View on GitHub
  x64 binary obfuscator
  ☆1,960Jul 14, 2023Updated 2 years ago
• ZeroMemoryEx / Chaos-Rootkit

  View on GitHub
  Now You See Me, Now You Don't
  ☆1,025Jan 23, 2026Updated last month
• eversinc33 / Banshee

  View on GitHub
  Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
  ☆590Aug 2, 2025Updated 7 months ago
• XaFF-XaFF / Black-Angel-Rootkit

  View on GitHub
  Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
  ☆674Nov 9, 2023Updated 2 years ago
• ldpreload / Medusa

  View on GitHub
  LD_PRELOAD Rootkit
  ☆305Apr 5, 2025Updated 10 months ago
• Idov31 / Nidhogg

  View on GitHub
  Nidhogg is an all-in-one simple to use windows kernel rootkit.
  ☆2,274Feb 15, 2026Updated 2 weeks ago
• ajkhoury / UEFI-Bootkit

  View on GitHub
  A small bootkit which does not rely on x64 assembly.
  ☆509Aug 29, 2019Updated 6 years ago
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆922Jul 20, 2024Updated last year
• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆968Jul 21, 2023Updated 2 years ago
• Wack0 / CVE-2022-21894

  View on GitHub
  baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
  ☆349Sep 27, 2023Updated 2 years ago
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,787Aug 30, 2024Updated last year
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,198Oct 16, 2023Updated 2 years ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆776Jan 26, 2026Updated last month
• ZeroMemoryEx / Terminator

  View on GitHub
  Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
  ☆1,040Jun 20, 2023Updated 2 years ago
• mgeeky / ThreadStackSpoofer

  View on GitHub
  Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…
  ☆1,196Jun 17, 2022Updated 3 years ago
• Mattiwatti / EfiGuard

  View on GitHub
  Disable PatchGuard and Driver Signature Enforcement at boot time
  ☆2,254Aug 3, 2025Updated 6 months ago
• matthieu-hackwitharts / Win32_Offensive_Cheatsheet

  View on GitHub
  Win32 and Kernel abusing techniques for pentesters
  ☆975Sep 3, 2023Updated 2 years ago
• Cracked5pider / LdrLibraryEx

  View on GitHub
  A small x64 library to load dll's into memory.
  ☆457Nov 6, 2023Updated 2 years ago
• Cr4sh / SmmBackdoorNg

  View on GitHub
  Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks
  ☆357Nov 3, 2023Updated 2 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆242Sep 26, 2023Updated 2 years ago
• XaFF-XaFF / Cronos-Rootkit

  View on GitHub
  Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
  ☆936Mar 29, 2022Updated 3 years ago
• SaadAhla / TakeMyRDP

  View on GitHub
  A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing i…
  ☆398Aug 2, 2023Updated 2 years ago
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆676Dec 23, 2022Updated 3 years ago
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,295Mar 21, 2025Updated 11 months ago
• Cracked5pider / Ekko

  View on GitHub
  Sleep Obfuscation
  ☆816Dec 3, 2023Updated 2 years ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,594Jul 31, 2024Updated last year
• WKL-Sec / HiddenDesktop

  View on GitHub
  HVNC for Cobalt Strike
  ☆1,298Dec 7, 2023Updated 2 years ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆622Sep 26, 2023Updated 2 years ago
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆605Apr 19, 2023Updated 2 years ago
• hasherezade / pe_to_shellcode

  View on GitHub
  Converts PE into a shellcode
  ☆2,745Aug 30, 2025Updated 6 months ago
• daem0nc0re / VectorKernel

  View on GitHub
  PoCs for Kernelmode rootkit techniques research.
  ☆432Nov 4, 2025Updated 3 months ago
• netero1010 / EDRSilencer

  View on GitHub
  A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …
  ☆1,821Nov 3, 2024Updated last year
• hfiref0x / WubbabooMark

  View on GitHub
  Debugger Anti-Detection Benchmark
  ☆382Jan 11, 2026Updated last month
• es3n1n / obfuscator

  View on GitHub
  PE (and elf now!) bin2bin obfuscator
  ☆820Oct 11, 2025Updated 4 months ago
• btbd / umap

  View on GitHub
  UEFI bootkit for driver manual mapping
  ☆586Jan 1, 2024Updated 2 years ago
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆718Jul 19, 2023Updated 2 years ago
• daem0nc0re / TangledWinExec

  View on GitHub
  PoCs and tools for investigation of Windows process execution techniques
  ☆953Feb 2, 2026Updated last month