Alternatives and similar repositories for ZMIST

Users that are interested in ZMIST are comparing it to the libraries listed below

• Microwave89 / createuserprocess
  Three Tiny Examples of Directly Using Vista's NtCreateUserProcess
  ☆89Updated 10 years ago
• 0xcpu / WinAltSyscallHandler
  Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
  ☆239Updated 6 years ago
• repnz / apc-research
  APC Internals Research Code
  ☆167Updated 5 years ago
• 0vercl0k / sic
  Enumerate user mode shared memory mappings on Windows.
  ☆126Updated 4 years ago
• hasherezade / antianalysis_demos
  Set of antianalysis techniques found in malware
  ☆133Updated 2 years ago
• kkent030315 / NtSymbol
  Resolve DOS MZ executable symbols at runtime
  ☆96Updated 4 years ago
• yardenshafir / cet-research
  A collection of tools, source code, and papers researching Windows' implementation of CET.
  ☆88Updated 5 years ago
• DanielAvinoam / TheSubZeroProject
  A multi-staged malware that contains a kernel mode rootkit and a remote system shell.
  ☆74Updated 4 years ago
• hMihaiDavid / addscn
  Add an empty section to a PE file
  ☆53Updated 8 years ago
• ajkhoury / ApiSet
  API Set resolver for Windows
  ☆141Updated last year
• 86hh / DreamLoader
  Simple 32/64-bit PEs loader.
  ☆139Updated 7 years ago
• hasherezade / masm_shc
  A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
  ☆188Updated 9 months ago
• wbenny / EtwConsumerNT
  Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
  ☆146Updated 6 years ago
• avast / pe_tools
  A cross-platform Python toolkit for parsing/writing PE files.
  ☆67Updated last year
• Fyyre / ntdll
  ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h
  ☆149Updated 6 years ago
• hfiref0x / Misc
  Miscellaneous Code and Docs
  ☆84Updated 6 months ago
• LloydLabs / dearg-thread-ipc-stealth
  A novel technique to communicate between threads using the standard ETHREAD structure
  ☆115Updated 4 years ago
• SouhailHammou / Drivers
  Windows Drivers
  ☆100Updated 6 years ago
• yardenshafir / SymlinkCallback
  A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
  ☆110Updated 5 years ago
• hasherezade / chimera_pe
  ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…
  ☆228Updated 2 years ago
• vxcute / WindowsInternals
  Yet another windows internals repo
  ☆212Updated 4 years ago
• LloydLabs / Windows-API-Hashing
  This is a simple example and explanation of obfuscating API resolution via hashing
  ☆238Updated 5 years ago
• am0nsec / wkpe
  Windows Kernel Programming Experiments
  ☆85Updated 3 years ago
• repnz / autochk-rootkit
  Reverse engineered source code of the autochk rootkit
  ☆208Updated 6 years ago
• ionescu007 / hazmat5
  Local OXID Resolver (LCLOR) : Research and Tooling
  ☆37Updated 4 years ago
• jackullrich / TRunPE
  A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…
  ☆97Updated 6 years ago
• VoidSec / ioctlpus
  IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).
  ☆96Updated 4 years ago
• therealdreg / cgaty
  Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)
  ☆73Updated 2 years ago
• SouhailHammou / KernelSymbolsHelper
  Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…
  ☆64Updated 6 years ago
• yardenshafir / PoolViewer
  An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.
  ☆149Updated 2 years ago