Alternatives and similar repositories for NTSleuth

Users that are interested in NTSleuth are comparing it to the libraries listed below

• OtterHacker / Hooker
  ☆108Updated 11 months ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆161Updated 10 months ago
• whokilleddb / function-collections
  A collection of PoCs to do common things in unconventional ways
  ☆116Updated last month
• NVISOsecurity / codasm
  Payload encoding utility to effectively lower payload entropy.
  ☆120Updated 5 months ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆115Updated last year
• rad9800 / talks
  ☆59Updated 5 months ago
• hackerhouse-opensource / SetupHijack
  SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and up…
  ☆237Updated last week
• woldann / NThread
  Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook…
  ☆55Updated last month
• mez-0 / citadel
  A Payload Analysis Framework
  ☆105Updated this week
• dis0rder0x00 / obex
  Obex – Blocking unwanted DLLs in user mode
  ☆227Updated 3 weeks ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆99Updated 3 months ago
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆50Updated 5 months ago
• Kudaes / Eclipse
  Activation Context Hijack
  ☆170Updated 2 months ago
• eversinc33 / TriageMCP
  Vibe Malware Triage - MCP server for static PE analysis.
  ☆70Updated 4 months ago
• TwoSevenOneT / CreateProcessAsPPL
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆239Updated 3 weeks ago
• eversinc33 / PSXecute
  MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.
  ☆122Updated 10 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆208Updated 8 months ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆200Updated 8 months ago
• Maldev-Academy / TrapFlagForSyscalling
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆125Updated last month
• 0xNinjaCyclone / AsmLdr
  Dynamic shellcode loader with sophisticated evasion capabilities
  ☆115Updated last week
• r0keb / TrashFormer
  A 64 bit executable junk code engine for polymorphic malware.
  ☆70Updated 3 months ago
• 0xsch1zo / NullGate
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆155Updated 2 months ago
• Karkas66 / CelestialSpark
  Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
  ☆101Updated 6 months ago
• Maldev-Academy / Alphabetfuscation
  Convert your shellcode into an ASCII string
  ☆120Updated 3 months ago
• mannyfred / MentalTi
  Mentally ill EtwTi parser
  ☆66Updated last month
• 0xJs / EnumEDRs
  Enumerate active EDR's on the system
  ☆130Updated 2 weeks ago
• CyberSecurityUP / Offensive-Windows-Drivers-Development
  ☆160Updated 7 months ago
• rad9800 / FileRenameJunctionsEDRDisable
  ☆159Updated 9 months ago
• Dor00tkit / BamExtensionTableHook
  Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…
  ☆92Updated 3 months ago
• t-tani / defender2yara
  Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
  ☆126Updated this week