Alternatives and similar repositories for HiveSwarming

Users that are interested in HiveSwarming are comparing it to the libraries listed below

• dr-anoroc / rawccopy
  Command line utility for copying files on NTFS using low level disk access
  ☆39Updated last year
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆78Updated 5 months ago
• zodiacon / RemoteThreadDetection
  Remote Thread Detection with a Kernel Driver
  ☆33Updated 10 months ago
• lilkui / runasti
  Runs programs as TrustedInstaller
  ☆49Updated 6 years ago
• KiFilterFiberContext / windows-software-policy
  Research on obfuscated licensing APIs / CLIP service in the Windows kernel
  ☆125Updated 3 years ago
• DebugPrivilege / WindowsAP1
  Code samples that serve as references for Windows API functions
  ☆76Updated last year
• m417z / x64dbg-xfg-marker
  An x64dbg plugin which marks XFG call signatures as data
  ☆78Updated 2 years ago
• zodiacon / MalDevWorkshopWebinar
  Demo from the Malware Analysis and Development Webinar
  ☆23Updated last year
• jonaslyk / temp
  ☆72Updated 2 years ago
• m417z / winapiexec
  A small tool that allows to run WinAPI functions through command line parameters
  ☆202Updated 3 years ago
• rbmm / remap
  break link between dll and it file on disk
  ☆11Updated last year
• zodiacon / WinEventHooks
  SetWinEventHook Sample
  ☆50Updated 2 years ago
• 3dnow / NtCreateLowBoxToken
  A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering
  ☆41Updated 5 months ago
• Offensive-Panda / NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE
  This exploit rebuilds and exploit the CVE-2019-16098 which is in driver Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCo…
  ☆28Updated last year
• Wack0 / SecureBootPolicyTools
  Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).
  ☆49Updated 3 years ago
• Fleex255 / CustomShim
  Example/starter code for custom Windows application compatibility shims
  ☆35Updated 4 years ago
• zodiacon / WMIExplorer
  ☆26Updated 4 months ago
• C5Hackr / c_syscalls
  https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.
  ☆33Updated last year
• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆80Updated 3 years ago
• bluefrostsecurity / Windows-Drive-Remapping-EoP
  ☆34Updated 2 years ago
• DISREL / Ring0VBA
  CVE-2018-6066 using VBA
  ☆67Updated 3 years ago
• p0dalirius / pyPDBdownload
  A Python script to download PDB files associated with a Portable Executable (PE)
  ☆124Updated 9 months ago
• daem0nc0re / SharpWnfSuite
  C# Utilities for Windows Notification Facility
  ☆160Updated 7 months ago
• jjensn / CVE-2024-36877
  Exploit POC for CVE-2024-36877
  ☆48Updated last year
• rbmm / TPM
  Easy encrypt/decrypt data with TPM
  ☆25Updated last year
• Offensive-Panda / PEB_WALK_AND_API_OBFUSCATION_INJECTION
  This exploit use PEB walk technique to resolve API calls dynamically, obfuscate all API calls to perform process injection.
  ☆23Updated last year
• hasherezade / sig_finder
  Signature finder (from PE-bear)
  ☆38Updated 3 months ago
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆90Updated last month
• connormcgarr / EATGuard
  Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)
  ☆115Updated 2 years ago
• keowu / InstrumentationCallbackToolKit
  A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…
  ☆35Updated 2 years ago