Alternatives and similar repositories for NTSleuth

Users that are interested in NTSleuth are comparing it to the libraries listed below

• OtterHacker / Hooker
  ☆108Updated last year
• whokilleddb / function-collections
  A collection of PoCs to do common things in unconventional ways
  ☆122Updated 4 months ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆166Updated last year
• dis0rder0x00 / obex
  Obex – Blocking unwanted DLLs in user mode
  ☆279Updated 4 months ago
• Maldev-Academy / TrapFlagForSyscalling
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆138Updated 5 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆211Updated last year
• sensepost / pipetap
  A Windows Named Pipe Multi-tool / Proxy
  ☆250Updated last month
• 0xsch1zo / NullGate
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆165Updated 5 months ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆119Updated last year
• rad9800 / talks
  ☆60Updated 9 months ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆206Updated 11 months ago
• NVISOsecurity / codasm
  Payload encoding utility to effectively lower payload entropy.
  ☆123Updated 9 months ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆101Updated 7 months ago
• warpnet / COM-Fuzzer
  Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…
  ☆154Updated 2 months ago
• MatheuZSecurity / ElfDoor-gcc
  ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
  ☆130Updated 9 months ago
• hackerhouse-opensource / SetupHijack
  SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and up…
  ☆260Updated 3 months ago
• Kudaes / Eclipse
  Activation Context Hijack
  ☆169Updated 5 months ago
• 0xJs / BlockEDRTraffic
  Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows …
  ☆256Updated 4 months ago
• deepinstinct / ShimMe
  ☆147Updated last year
• wesmar / kvc
  KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulatio…
  ☆154Updated this week
• 0xJs / EnumEDRs
  Enumerate active EDR's on the system
  ☆148Updated 4 months ago
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆156Updated 8 months ago
• zero2504 / EDR-GhostLocker
  AppLocker-Based EDR Neutralization
  ☆277Updated last month
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆54Updated 8 months ago
• Workday / raw-disk-parser
  A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs
  ☆104Updated 4 months ago
• Kudaes / MFTool
  Direct access to NTFS volumes
  ☆291Updated 4 months ago
• rad9800 / FileRenameJunctionsEDRDisable
  ☆159Updated last year
• eversinc33 / TriageMCP
  Vibe Malware Triage - MCP server for static PE analysis.
  ☆74Updated last month
• CyberSecurityUP / Offensive-Windows-Drivers-Development
  ☆164Updated 10 months ago
• olafhartong / BamboozlEDR
  A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
  ☆257Updated 4 months ago