Alternatives and similar repositories for dolos

Users that are interested in dolos are comparing it to the libraries listed below

• ZeroMemoryEx / URootkit
  simple user-mode Rootkit
  ☆107Updated 3 years ago
• MahmoudZohdy / Process-Injection-Techniques
  Various Process Injection Techniques
  ☆161Updated 3 years ago
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆258Updated last year
• rad9800 / WTSRM
  WTSRM
  ☆216Updated 3 years ago
• frank2 / packer-tutorial
  A tutorial on how to write a packer for Windows!
  ☆302Updated 2 years ago
• 3intermute / ramiel
  uefi diskless persistence technique + OVMF secureboot bypass
  ☆95Updated last year
• fcccode / Vx-Engines
  Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware
  ☆30Updated 6 years ago
• GetRektBoy724 / DCMB
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆242Updated last year
• rad9800 / hwbp4mw
  ☆269Updated 2 years ago
• WithSecureLabs / CallStackSpoofer
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆544Updated 9 months ago
• bytecode77 / living-off-the-land
  Fileless attack with persistence
  ☆370Updated 6 months ago
• xalicex / Get-DLL-and-Function-Addresses
  GetModuleHandle (via PEB) and GetProcAddress (via EAT) like
  ☆32Updated 3 years ago
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆290Updated 8 months ago
• CaledoniaProject / drivers-binaries
  Exploitable drivers, you know what I mean
  ☆154Updated last month
• zer0condition / ZeroThreadKernel
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆156Updated 2 years ago
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆316Updated last year
• TheMalwareGuardian / Abismo
  [ARCHIVED] Early work on Abyss (Windows UEFI Bootkit).
  ☆41Updated 4 months ago
• rad9800 / misc
  miscellaneous scripts and programs
  ☆271Updated 11 months ago
• hasherezade / masm_shc
  A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
  ☆185Updated 8 months ago
• XaFF-XaFF / Kernel-Process-Hollowing
  Windows x64 kernel mode rootkit process hollowing POC.
  ☆189Updated 2 years ago
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆257Updated 3 years ago
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆357Updated last year
• Idov31 / Jormungandr
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆242Updated 2 years ago
• symeonp / Lenovo-CVE-2025-8061
  PoC for popping a system shell against the LnvMSRIO.sys driver
  ☆117Updated 3 months ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆260Updated 2 years ago
• NullArray / WinKernel-Resources
  A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level …
  ☆164Updated 3 years ago
• janoglezcampos / rust_syscalls
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆229Updated 2 years ago
• am0nsec / vx
  Virus Exchange (VX) - Collection of malware or assembly code used for "offensive" purposed.
  ☆191Updated 5 months ago
• eversinc33 / unKover
  Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code.
  ☆274Updated last month
• pard0p / CallstackSpoofingPOC
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆420Updated last year