xaitax / NTSleuthLinks
Comprehensive Windows Syscall Extraction & Analysis Framework
☆152Updated 2 months ago
Alternatives and similar repositories for NTSleuth
Users that are interested in NTSleuth are comparing it to the libraries listed below
Sorting:
- ☆108Updated last year
- "Service-less" driver loading☆162Updated 11 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆117Updated last year
- SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and up…☆254Updated last month
- Obex – Blocking unwanted DLLs in user mode☆265Updated 2 months ago
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…☆129Updated 3 weeks ago
- ☆60Updated 6 months ago
- Vibe Malware Triage - MCP server for static PE analysis.☆72Updated 6 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆159Updated 3 months ago
- Direct access to NTFS volumes☆283Updated 2 months ago
- Windows rootkit designed to work with BYOVD exploits☆211Updated 10 months ago
- .NET tool used to enrich RPC telemetry☆99Updated 5 months ago
- A Payload Analysis Framework☆110Updated last month
- A Mythic Agent written in PIC C.☆202Updated 9 months ago
- A collection of PoCs to do common things in unconventional ways☆119Updated 2 months ago
- Payload encoding utility to effectively lower payload entropy.☆120Updated 7 months ago
- Bypass user-land hooks by syscall tampering via the Trap Flag☆132Updated 2 months ago
- Mentally ill EtwTi parser☆66Updated last month
- Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook…☆58Updated last month
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆130Updated 7 months ago
- ☆164Updated 8 months ago
- Activation Context Hijack☆170Updated 3 months ago
- MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.☆121Updated 11 months ago
- A 64 bit executable junk code engine for polymorphic malware.☆71Updated 5 months ago
- ☆159Updated 11 months ago
- ☆145Updated last year
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆101Updated 7 months ago
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs☆97Updated 2 months ago
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …☆39Updated 9 months ago
- Convert your shellcode into an ASCII string☆125Updated 4 months ago