magicsword-io / LOLDriversLinks
Living Off The Land Drivers
☆1,205Updated last month
Alternatives and similar repositories for LOLDrivers
Users that are interested in LOLDrivers are comparing it to the libraries listed below
Sorting:
- ☆1,664Updated 9 months ago
- Project for tracking publicly disclosed DLL Hijacking opportunities.☆768Updated this week
- EDR Lab for Experimentation Purposes☆1,273Updated last month
- The multi-platform memory acquisition tool.☆801Updated 6 months ago
- PoCs and tools for investigation of Windows process execution techniques☆921Updated 2 weeks ago
- Win32 and Kernel abusing techniques for pentesters☆954Updated last year
- ☆2,109Updated 2 years ago
- A set of fully-undetectable process injection techniques abusing Windows Thread Pools☆1,124Updated last year
- A tool to kill antimalware protected processes☆1,452Updated 4 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆752Updated last year
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,673Updated 7 months ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆635Updated this week
- SysWhispers on Steroids - AV/EDR evasion via direct system calls.☆1,446Updated 10 months ago
- A modern 32/64-bit position independent implant template☆1,227Updated 3 months ago
- Nidhogg is an all-in-one simple to use windows kernel rootkit.☆2,008Updated 2 months ago
- Hardcore Debugging☆894Updated last month
- ☆493Updated last year
- Spartacus DLL/COM Hijacking Toolkit☆1,047Updated last year
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,187Updated last year
- Dynamic unpacker based on PE-sieve☆736Updated 3 weeks ago
- LSASS memory dumper using direct system calls and API unhooking.☆1,534Updated 4 years ago
- Awesome EDR Bypass Resources For Ethical Hacking☆1,215Updated last week
- The swiss army knife of LSASS dumping☆1,950Updated 9 months ago
- ☆754Updated last year
- Kernel mode WinDbg extension and PoCs for token privilege investigation.☆864Updated 5 months ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆1,223Updated last year
- Alternative Shellcode Execution Via Callbacks☆1,576Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆943Updated last year
- ☆519Updated 2 weeks ago
- a tool to help operate in EDRs' blind spots☆738Updated 6 months ago