magicsword-io/LOLDrivers external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

magicsword-io/LOLDrivers

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/magicsword-io/LOLDrivers)

Close

magicsword-io / LOLDriversView on GitHubMore

• External links
• Readme badge

Living Off The Land Drivers

☆1,612May 5, 2026Updated this week

Alternatives and similar repositories for LOLDrivers

Users that are interested in LOLDrivers are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,812Aug 30, 2024Updated last year
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,627Jul 31, 2024Updated last year
• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆974Jul 21, 2023Updated 2 years ago
• Accenture / Spartacus

  View on GitHub
  Spartacus DLL/COM Hijacking Toolkit
  ☆1,079Feb 1, 2024Updated 2 years ago
• netero1010 / EDRSilencer

  View on GitHub
  A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …
  ☆1,859Nov 3, 2024Updated last year
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• tsale / EDR-Telemetry

  View on GitHub
  This project aims to compare and evaluate the telemetry of various EDR products.
  ☆1,951Apr 28, 2026Updated last week
• Idov31 / Nidhogg

  View on GitHub
  Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
  ☆2,330Feb 15, 2026Updated 2 months ago
• fortra / nanodump

  View on GitHub
  The swiss army knife of LSASS dumping
  ☆2,109Sep 17, 2024Updated last year
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆724Jul 19, 2023Updated 2 years ago
• CCob / ThreadlessInject

  View on GitHub
  Threadless Process Injection using remote function hooking.
  ☆817Sep 4, 2024Updated last year
• LOLBAS-Project / LOLBAS

  View on GitHub
  Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
  ☆8,508Mar 16, 2026Updated last month
• TheWover / donut

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆4,562Jul 8, 2025Updated 10 months ago
• jthuraisamy / SysWhispers2

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,814Sep 3, 2022Updated 3 years ago
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆954Jul 20, 2024Updated last year
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• myzxcg / RealBlindingEDR

  View on GitHub
  Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThrea…
  ☆1,321Jun 21, 2024Updated last year
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,198Oct 16, 2023Updated 2 years ago
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆674Dec 23, 2022Updated 3 years ago
• weak1337 / Alcatraz

  View on GitHub
  x64 binary obfuscator
  ☆1,972Jul 14, 2023Updated 2 years ago
• SafeBreach-Labs / PoolParty

  View on GitHub
  A set of fully-undetectable process injection techniques abusing Windows Thread Pools
  ☆1,258Dec 11, 2023Updated 2 years ago
• RedCursorSecurityConsulting / PPLKiller

  View on GitHub
  Tool to bypass LSA Protection (aka Protected Process Light)
  ☆994Dec 4, 2022Updated 3 years ago
• ZeroMemoryEx / Terminator

  View on GitHub
  Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
  ☆1,053Jun 20, 2023Updated 2 years ago
• wietze / HijackLibs

  View on GitHub
  Project for tracking publicly disclosed DLL Hijacking opportunities.
  ☆907Apr 30, 2026Updated last week
• klezVirus / inceptor

  View on GitHub
  Template-Driven AV/EDR Evasion Framework
  ☆1,798Nov 3, 2023Updated 2 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• gabriellandau / PPLFault

  View on GitHub
  ☆568Feb 22, 2024Updated 2 years ago
• eversinc33 / Banshee

  View on GitHub
  Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
  ☆602Aug 2, 2025Updated 9 months ago
• boku7 / BokuLoader

  View on GitHub
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆1,412Nov 22, 2023Updated 2 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,016Jun 4, 2024Updated last year
• Mr-Un1k0d3r / EDRs

  View on GitHub
  ☆2,187Apr 3, 2026Updated last month
• am0nsec / HellsGate

  View on GitHub
  Original C Implementation of the Hell's Gate VX Technique
  ☆1,180Jun 28, 2021Updated 4 years ago
• monoxgas / sRDI

  View on GitHub
  Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
  ☆2,521Nov 15, 2023Updated 2 years ago
• med0x2e / SigFlip

  View on GitHub
  SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
  ☆1,274Aug 27, 2023Updated 2 years ago
• Kudaes / Fiber

  View on GitHub
  Using fibers to run in-memory code.
  ☆244Oct 19, 2023Updated 2 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆612May 2, 2026Updated last week
• Yaxser / Backstab

  View on GitHub
  A tool to kill antimalware protected processes
  ☆1,515Jun 19, 2021Updated 4 years ago
• aahmad097 / AlternativeShellcodeExec

  View on GitHub
  Alternative Shellcode Execution Via Callbacks
  ☆1,715Nov 11, 2022Updated 3 years ago
• hasherezade / pe_to_shellcode

  View on GitHub
  Converts PE into a shellcode
  ☆2,759Aug 30, 2025Updated 8 months ago
• trustedsec / CS-Situational-Awareness-BOF

  View on GitHub
  Situational Awareness commands implemented using Beacon Object Files
  ☆1,789Mar 10, 2026Updated last month
• Cracked5pider / Ekko

  View on GitHub
  Sleep Obfuscation
  ☆836Dec 3, 2023Updated 2 years ago
• matthieu-hackwitharts / Win32_Offensive_Cheatsheet

  View on GitHub
  Win32 and Kernel abusing techniques for pentesters
  ☆978Sep 3, 2023Updated 2 years ago