Alternatives and similar repositories for malk

Users that are interested in malk are comparing it to the libraries listed below

• waleedassar / ALPC_CLIENT_SERVER

  View on GitHub
  Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.
  ☆21Jan 25, 2022Updated 4 years ago
• iqrw0 / DieDMAProtection

  View on GitHub
  ☆29Mar 9, 2024Updated last year
• ByteWhite1x1 / PatchGuardResearch

  View on GitHub
  Bypassing kernel patch protection runtime
  ☆21Feb 19, 2023Updated 2 years ago
• SamuelTulach / HookGuard

  View on GitHub
  Hooking Windows' exception dispatcher to protect process's PML4
  ☆225Jan 24, 2025Updated last year
• nccgroup / DetectWindowsCopyOnWriteForAPI

  View on GitHub
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆202Jan 13, 2022Updated 4 years ago
• KelvinMsft / TechMyths

  View on GitHub
  ☆18Mar 28, 2023Updated 2 years ago
• Cr4sh / KernelForge

  View on GitHub
  A library to develop kernel level Windows payloads for post HVCI era
  ☆483May 18, 2021Updated 4 years ago
• keowu / wintapix

  View on GitHub
  Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…
  ☆22Jul 6, 2024Updated last year
• Nitr0-G / DriverLoader

  View on GitHub
  it's a driver injector or driver loader header lib(Windows)
  ☆12Aug 5, 2023Updated 2 years ago
• unkbyte / measured_boot_poc

  View on GitHub
  Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications
  ☆22Mar 28, 2025Updated 10 months ago
• boom-cr3 / NotifyRoutineHijackThread

  View on GitHub
  Hijack NotifyRoutine for a kernelmode thread
  ☆41Jun 4, 2022Updated 3 years ago
• AdamOron / PatchGuardBypass

  View on GitHub
  Bypassing PatchGuard on modern x64 systems
  ☆265Apr 9, 2023Updated 2 years ago
• tandasat / hvext

  View on GitHub
  The Windbg extensions to study Hyper-V on Intel and AMD processors.
  ☆169Aug 29, 2025Updated 5 months ago
• 1401199262 / HookHvcallCodeVa

  View on GitHub
  ☆23May 8, 2023Updated 2 years ago
• ekknod / acdrv

  View on GitHub
  base for testing
  ☆186Sep 28, 2024Updated last year
• ByteWhite1x1 / Driver-DKOM

  View on GitHub
  An advanced DKOM for drivers with "DRIVER_OBJECT"
  ☆22Feb 19, 2023Updated 2 years ago
• elastic / PPLGuard

  View on GitHub
  ☆70Feb 6, 2025Updated last year
• 0xcpu / ExecutiveCallbackObjects

  View on GitHub
  Research on Windows Kernel Executive Callback Objects
  ☆315Feb 22, 2020Updated 5 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆246Jul 9, 2024Updated last year
• KiFilterFiberContext / warbird-hook

  View on GitHub
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆265Aug 31, 2022Updated 3 years ago
• gabriellandau / ItsNotASecurityBoundary

  View on GitHub
  ☆192Jul 29, 2024Updated last year
• tandasat / recon2024_demo

  View on GitHub
  Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No …
  ☆23Jun 16, 2024Updated last year
• VollRagm / PTView

  View on GitHub
  Browse Page Tables on Windows (Page Table Viewer)
  ☆234Apr 2, 2022Updated 3 years ago
• WolfyZ99 / Kernel-AntiCheat

  View on GitHub
  ☆70Aug 31, 2021Updated 4 years ago
• scrt / KexecDDPlus

  View on GitHub
  Exploiting the KsecDD Windows driver through Server Silos
  ☆76Nov 11, 2024Updated last year
• singlefreshBird / Rootkit

  View on GitHub
  Rookit and anti rookit on Windows platform
  ☆14Apr 30, 2024Updated last year
• gabriellandau / ShadowStackWalk

  View on GitHub
  Finding Truth in the Shadows
  ☆120Jan 26, 2023Updated 3 years ago
• OccamsXor / Dragnmove

  View on GitHub
  Infect Shared Files In Memory for Lateral Movement
  ☆196Dec 14, 2022Updated 3 years ago
• kkent030315 / CiGetCertPublisherName

  View on GitHub
  An example code of CiGetCertPublisherName
  ☆17Mar 24, 2022Updated 3 years ago
• daaximus / arch_enum

  View on GitHub
  A small tool for rapid enumeration of CPUID, and MSR fields.
  ☆29Jan 30, 2024Updated 2 years ago
• A-Normal-User / NtSocket_NtClient_NtServer

  View on GitHub
  Using NtCreateFile and NtDeviceIoControlFile to realize the function of winsock（利用NtCreateFile和NtDeviceIoControlFile 实现winsock的功能）
  ☆127Sep 9, 2022Updated 3 years ago
• xsh3llsh0ck / MilkBox

  View on GitHub
  Tool to dump EFI runtime drivers.
  ☆39Feb 23, 2024Updated last year
• connormcgarr / EATGuard

  View on GitHub
  Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)
  ☆115May 21, 2023Updated 2 years ago
• kkent030315 / PageTableInjection

  View on GitHub
  Code Injection, Inject malicious payload via pagetables pml4.
  ☆242Jul 7, 2021Updated 4 years ago
• SaadAhla / BlockOpenHandle

  View on GitHub
  Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…
  ☆172Apr 27, 2023Updated 2 years ago
• zer0condition / ZeroThreadKernel

  View on GitHub
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆159Apr 13, 2023Updated 2 years ago
• zer0condition / ZeroHVCI

  View on GitHub
  Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…
  ☆253Oct 26, 2024Updated last year
• D4stiny / ExceptionOrientedProgramming

  View on GitHub
  Abusing exceptions for code execution.
  ☆113Jan 30, 2023Updated 3 years ago
• P1tt1cus / FastSymApi

  View on GitHub
  FastSymApi - A Fast API PDB Symbol Cache Server that efficiently caches and compresses PDBs on disk for quick and repeated retrieval.
  ☆19Jul 10, 2025Updated 7 months ago