magicsword-io / LOLDrivers
Living Off The Land Drivers
☆1,130Updated last week
Alternatives and similar repositories for LOLDrivers:
Users that are interested in LOLDrivers are comparing it to the libraries listed below
- ☆1,607Updated 6 months ago
- A set of fully-undetectable process injection techniques abusing Windows Thread Pools☆1,069Updated last year
- ☆2,061Updated 2 years ago
- The multi-platform memory acquisition tool.☆758Updated 3 months ago
- PoCs and tools for investigation of Windows process execution techniques☆908Updated this week
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,615Updated 4 months ago
- AV/EDR Evasion Lab for Training & Learning Purposes☆1,207Updated 3 weeks ago
- A tool to kill antimalware protected processes☆1,418Updated 3 years ago
- Project for tracking publicly disclosed DLL Hijacking opportunities.☆727Updated this week
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes☆951Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆732Updated last year
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆592Updated this week
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,172Updated last year
- Nidhogg is an all-in-one simple to use windows kernel rootkit.☆1,894Updated 5 months ago
- Hardcore Debugging☆823Updated last month
- Spartacus DLL/COM Hijacking Toolkit☆1,029Updated last year
- ☆570Updated 4 months ago
- ☆745Updated last year
- A modern 32/64-bit position independent implant template☆1,147Updated this week
- A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analys…☆339Updated last month
- Win32 and Kernel abusing techniques for pentesters☆944Updated last year
- Dynamic unpacker based on PE-sieve☆709Updated last month
- SysWhispers on Steroids - AV/EDR evasion via direct system calls.☆1,389Updated 7 months ago
- ☆488Updated last year
- Important notes and topics on my journey towards mastering Windows Internals☆366Updated 10 months ago
- ☆495Updated 3 months ago
- Sleep Obfuscation☆728Updated last year
- Cobalt Strike UDRL for memory scanner evasion.☆910Updated 9 months ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆633Updated 2 years ago
- Kernel mode WinDbg extension and PoCs for token privilege investigation.☆839Updated last month