Alternatives and similar repositories for HVCI-loldrivers-check

Users that are interested in HVCI-loldrivers-check are comparing it to the libraries listed below

• ahkeur / VEH2

  View on GitHub
  A Patchless AMSI Bypass Technique using VEH²
  ☆30Jun 22, 2025Updated 7 months ago
• EspressoCake / DefenderPathExclusions

  View on GitHub
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆33Nov 1, 2023Updated 2 years ago
• nick-frischkorn / SysWhispers-FunctionRandomizer

  View on GitHub
  Quick python script to replace the NtAPI functions within SysWhispers' assembly and header files with random strings
  ☆28May 30, 2022Updated 3 years ago
• HackingLZ / saas_enum

  View on GitHub
  Command-line tool for discovering SaaS platforms a company uses via DNS enumeration
  ☆35Jul 23, 2025Updated 6 months ago
• trustedsec / CS_COFFLoader

  View on GitHub
  ☆131Dec 4, 2023Updated 2 years ago
• Sh0ckFR / API-Hashing

  View on GitHub
  A basic exemple of the API-Hashing method used by Red Teamers but also by malwares developers in C++
  ☆37Jan 10, 2024Updated 2 years ago
• FuzzySecurity / Magikarp

  View on GitHub
  ECC Public Key Cryptography
  ☆37Oct 29, 2023Updated 2 years ago
• MzHmO / DebugAmsi

  View on GitHub
  DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
  ☆102Sep 18, 2023Updated 2 years ago
• ChoiSG / GwisinMsi

  View on GitHub
  PoC MSI payload based on ASEC/AhnLab's blog post
  ☆25Sep 19, 2022Updated 3 years ago
• Kharos102 / ReadWriteDriverSample

  View on GitHub
  ☆25Apr 28, 2024Updated last year
• 0xflux / Scil

  View on GitHub
  System Call Integrity Layer - experimental security research
  ☆25Jan 31, 2026Updated 2 weeks ago
• alwashali / yaa

  View on GitHub
  yaa - yaml search for humans
  ☆12Dec 8, 2025Updated 2 months ago
• ZeroMemoryEx / Overlord

  View on GitHub
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆83May 23, 2023Updated 2 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆243Sep 26, 2023Updated 2 years ago
• 0xf4r / cmd-bypass

  View on GitHub
  The command prompt has been disabled by your administrator
  ☆43May 18, 2023Updated 2 years ago
• FatRodzianko / Get-Writable

  View on GitHub
  Find world writable directories that contain a .exe or .dll file
  ☆13Aug 31, 2021Updated 4 years ago
• Joflixen / signtool

  View on GitHub
  Signing Visual Basic Macros in Office Files
  ☆14Oct 25, 2020Updated 5 years ago
• jfjallid / go-cmloot

  View on GitHub
  A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib)
  ☆16Jul 27, 2024Updated last year
• cbwang505 / Win11PoolView

  View on GitHub
  正确解析 _HEAP_VS_***符号 ,支持在最新win11 24h2 运行,替换windbg自带的!pool命令
  ☆17Nov 30, 2024Updated last year
• elastic / Silhouette

  View on GitHub
  Keep it secret, keep it safe
  ☆80Feb 6, 2025Updated last year
• therealdreg / dregate

  View on GitHub
  call gates as stable comunication channel for NT x86 and Linux x86_64
  ☆32Aug 11, 2023Updated 2 years ago
• SaadAhla / D1rkSleep

  View on GitHub
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆125Feb 13, 2023Updated 3 years ago
• itaymigdal / LOLSpoof

  View on GitHub
  An interactive shell to spoof some LOLBins command line
  ☆188Jan 27, 2024Updated 2 years ago
• thalium / WinDbgFastObj

  View on GitHub
  ☆21Jun 3, 2021Updated 4 years ago
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• redcanaryco / ansible-atomic-red-team

  View on GitHub
  This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam
  ☆27Jul 4, 2024Updated last year
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Jan 11, 2026Updated last month
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆675Dec 23, 2022Updated 3 years ago
• mosajjal / dnsconn

  View on GitHub
  DNS Tunneling as net.Conn
  ☆16Dec 22, 2024Updated last year
• nickvourd / GetWebDAVStatus

  View on GitHub
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆21Nov 28, 2025Updated 2 months ago
• dmcxblue / SharpBlackout

  View on GitHub
  Terminate AV/EDR leveraging BYOVD attack
  ☆104Mar 21, 2025Updated 10 months ago
• Gerenios / AADInternals-Endpoints

  View on GitHub
  AADInternals-Endpoints PowerShell module
  ☆33Jul 2, 2025Updated 7 months ago
• danti1988 / adcshunter

  View on GitHub
  Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.
  ☆82Sep 13, 2024Updated last year
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 2 years ago
• Signal-Labs / iat_unhook_sample

  View on GitHub
  (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…
  ☆136Mar 3, 2025Updated 11 months ago
• timwhitez / JmpUnhook

  View on GitHub
  Ntdll Unhooking POC
  ☆19Aug 12, 2022Updated 3 years ago
• mubix / lmo

  View on GitHub
  LetMeOutOfYour.net Resources
  ☆21Jul 15, 2020Updated 5 years ago
• ZERODETECTION / MSC_Dropper

  View on GitHub
  ☆246Jul 31, 2024Updated last year
• Z4kSec / IoctlHunter

  View on GitHub
  IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.
  ☆105Jan 17, 2024Updated 2 years ago