Alternatives and similar repositories for learning

Users that are interested in learning are comparing it to the libraries listed below

• wes4m / unHooker
  Kernel (Ring0) - SSDT unhook driver
  ☆15Updated 7 years ago
• hatRiot / DelayLoadInject
  Code injection via delay load libraries
  ☆35Updated 7 years ago
• gabriellandau / CISpotter
  Code Integrity Violation Spotter
  ☆17Updated last year
• SLAUC91 / DLLFinder
  Enumerate the DLLs/Modules using NtQueryVirtualMemory
  ☆32Updated 10 years ago
• zhuhuibeishadiao / exploit-RemoteDesktopServerDriver
  exploit termdd.sys(support kb4499175)
  ☆59Updated 6 years ago
• Souhardya / Slavyana
  Windows Sandbox Framework
  ☆39Updated 3 years ago
• John-Yu / Simple_PE_packer
  The project was upgraded from https://coder.pub/ and supported VS2017. The original author wrote the detailed design ideas documentation…
  ☆19Updated 7 years ago
• hasherezade / loaderine
  A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
  ☆19Updated 7 years ago
• mgeeky / PE-library
  Lightweight Portable Executable parsing library and a demo peParser application.
  ☆81Updated 2 years ago
• jonasblunck / DP
  Win32 API and COM hooking/tracing.
  ☆30Updated 9 years ago
• m0n0ph1 / FileCrypter
  Encrypting and decrypting files with AES or RC4 on Microsoft Windows
  ☆37Updated 11 years ago
• Trietptm-on-Coding-Algorithms / ZeroBank-ring0-bundle
  Kernel-Mode rootkit that connects to a remote server to send & recv commands
  ☆33Updated 6 years ago
• guidoreina / http_inspect
  HTTP/HTTPS/DNS inspector (windows driver)
  ☆26Updated 6 years ago
• JKornev / hijacken
  Analyze and attack windows applications using dll hijacking vulnerabilities
  ☆58Updated 5 years ago
• zodiacon / AccessMask
  ☆20Updated 6 years ago
• iammaguire / Salient-Rootkit
  A kernel mode Windows rootkit in development.
  ☆49Updated 3 years ago
• d35ha / xPE
  Simple library to handle PE files loading, relocating, get/set data, ..., in addition to process handling
  ☆32Updated 6 years ago
• JKornev / NTlib
  Static library and headers for linking your software with ntdll.dll
  ☆33Updated 5 years ago
• b4ubles / RootKit
  a very simple rootkit for fun
  ☆18Updated 6 years ago
• NtRaiseHardError / LeakMyAV
  Program to leak anti-virus behaviour and such
  ☆15Updated 6 years ago
• melardev / XeytanWin32-RAT
  WORK IN PROGRESS. RAT written in C++ using Win32 API
  ☆21Updated 5 years ago
• 3gstudent / Catch-specified-file-s-handle
  Enumerate all processes and get specified file's handle,then close it.
  ☆11Updated 7 years ago
• DissectMalware / WinNativeIO
  Using Undocumented NTDLL Functions to Read/Write/Delete File
  ☆18Updated 4 years ago
• yardenshafir / CallbackObjectAnalyzer
  Dumps information about all the callback objects found in a dump file and the functions registered for them
  ☆36Updated 4 years ago
• roadwy / Record
  ☆16Updated 11 years ago
• dro / uac-launchinf-poc
  Windows 10 UAC bypass PoC using LaunchInfSection
  ☆34Updated 7 years ago
• dsnezhkov / HandsFreeCOM
  Self-Loading Registration Free COM Functions
  ☆11Updated 5 years ago
• tekwizz123 / demos
  Forked from Akayan. Windows Kernel Exploitation. Static & dynamic analysis, exploits & vuln reasearch. Mitigations bypass's, genric bug-c…
  ☆16Updated 9 months ago
• revsic / CodeInjection
  Code Injection technique written in cpp language
  ☆32Updated 7 years ago
• jay / gethooks
  GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account.
  ☆61Updated 4 years ago