Alternatives and similar repositories for NTSleuth

Users that are interested in NTSleuth are comparing it to the libraries listed below

• OtterHacker / Hooker
  ☆108Updated last year
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆165Updated last year
• dis0rder0x00 / obex
  Obex – Blocking unwanted DLLs in user mode
  ☆275Updated 2 months ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆117Updated last year
• NVISOsecurity / codasm
  Payload encoding utility to effectively lower payload entropy.
  ☆119Updated 7 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆211Updated 10 months ago
• hackerhouse-opensource / SetupHijack
  SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and up…
  ☆259Updated 2 months ago
• 0xsch1zo / NullGate
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆161Updated 4 months ago
• Kudaes / Eclipse
  Activation Context Hijack
  ☆169Updated 4 months ago
• Kudaes / MFTool
  Direct access to NTFS volumes
  ☆290Updated 3 months ago
• whokilleddb / function-collections
  A collection of PoCs to do common things in unconventional ways
  ☆118Updated 3 months ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆203Updated 10 months ago
• sensepost / pipetap
  A Windows Named Pipe Multi-tool / Proxy
  ☆76Updated this week
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆100Updated 5 months ago
• r0keb / TrashFormer
  A 64 bit executable junk code engine for polymorphic malware.
  ☆73Updated 5 months ago
• rad9800 / FileRenameJunctionsEDRDisable
  ☆159Updated 11 months ago
• MatheuZSecurity / ElfDoor-gcc
  ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
  ☆132Updated 7 months ago
• andreisss / Remote-DLL-Injection-with-Timer-based-Shellcode-Execution
  Remote DLL Injection with Timer-based Shellcode Execution
  ☆151Updated 4 months ago
• deepinstinct / ShimMe
  ☆146Updated last year
• CyberSecurityUP / Offensive-Windows-Drivers-Development
  ☆164Updated 9 months ago
• warpnet / COM-Fuzzer
  Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…
  ☆151Updated 2 weeks ago
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆154Updated 7 months ago
• Maldev-Academy / TrapFlagForSyscalling
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆136Updated 3 months ago
• RWXstoned / LdrShuffle
  Code execution/injection technique using DLL PEB module structure manipulation
  ☆215Updated 6 months ago
• 0xJs / BlockEDRTraffic
  Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows …
  ☆251Updated 2 months ago
• rad9800 / talks
  ☆61Updated 7 months ago
• 0xJs / EnumEDRs
  Enumerate active EDR's on the system
  ☆146Updated 2 months ago
• wesmar / kvc
  KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulatio…
  ☆129Updated last week
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆271Updated last year
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆139Updated last year