Alternatives and similar repositories for NTSleuth

Users that are interested in NTSleuth are comparing it to the libraries listed below

• mez-0 / citadel
  A Payload Analysis Framework
  ☆84Updated 2 months ago
• reecdeep / hollowise
  Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …
  ☆37Updated 6 months ago
• klezVirus / koppeling-p
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆78Updated last year
• OtterHacker / Hooker
  ☆108Updated 10 months ago
• rad9800 / talks
  ☆58Updated 4 months ago
• mttaggart / quasar
  quASAR: ASAR manipulation made easy
  ☆38Updated 2 years ago
• eversinc33 / TriageMCP
  Vibe Malware Triage - MCP server for static PE analysis.
  ☆68Updated 3 months ago
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆49Updated 3 months ago
• nothingspecialforu / EvtPsst
  EvtPsst
  ☆55Updated last year
• rbmm / TL-TASK
  ☆20Updated this week
• patrickt2017 / VEHNetLoader
  Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
  ☆38Updated last month
• voidvxvt / EnableAllTokenPrivs
  Enable or Disable TokenPrivilege(s)
  ☆14Updated last year
• BlackSnufkin / CheckPlz
  Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content.
  ☆21Updated 8 months ago
• captainGeech42 / implant.js
  Proof-of-concept modular implant platform leveraging v8
  ☆55Updated 5 months ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆96Updated 2 months ago
• olafhartong / PockETWatcher
  a tiny program to consume from ETW providers for research
  ☆51Updated 7 months ago
• nbaertsch / Shrike
  Hunting and injecting RWX 'mockingjay' DLLs in pure nim
  ☆59Updated 8 months ago
• a7t0fwa7 / SymProcSleuth
  A pure C version of SymProcAddress
  ☆29Updated last year
• Bl4ckM1rror / PEAs
  ☆59Updated last year
• duhirsch / MoveEdr
  Permanently disable EDRs as local admin
  ☆94Updated 2 months ago
• CaptainNox / Hypnos
  A more reliable way of resolving syscall numbers in Windows
  ☆53Updated last year
• pulpocaminante / PPL-0day
  Demoting PPL anti-malware services to less than a guest user
  ☆64Updated 7 months ago
• offalltn / gitC2
  POC of GITHUB simple C2 in rust
  ☆52Updated last month
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆114Updated 11 months ago
• HulkOperator / AuthStager
  ☆57Updated 10 months ago
• ChaitanyaHaritash / IllusiveFog
  Windows Administrator level Implant.
  ☆50Updated 11 months ago
• kapellos / LNKSmuggler
  A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.
  ☆81Updated 7 months ago
• rad9800 / RansomFS
  ☆31Updated 6 months ago
• frkngksl / UnlinkDLL
  DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
  ☆57Updated last year
• Fitretech-Security / dylight
  macOS dylib stager
  ☆36Updated 7 months ago