Alternatives and similar repositories for NTSleuth

Users that are interested in NTSleuth are comparing it to the libraries listed below

• OtterHacker / Hooker
  ☆108Updated last year
• dis0rder0x00 / obex
  Obex – Blocking unwanted DLLs in user mode
  ☆277Updated 3 months ago
• sensepost / pipetap
  A Windows Named Pipe Multi-tool / Proxy
  ☆217Updated 3 weeks ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆167Updated last year
• whokilleddb / function-collections
  A collection of PoCs to do common things in unconventional ways
  ☆122Updated 4 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆211Updated 11 months ago
• hackerhouse-opensource / SetupHijack
  SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and up…
  ☆261Updated 3 months ago
• rad9800 / talks
  ☆59Updated 8 months ago
• warpnet / COM-Fuzzer
  Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…
  ☆154Updated last month
• Kudaes / Eclipse
  Activation Context Hijack
  ☆169Updated 4 months ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆118Updated last year
• zero2504 / EDR-GhostLocker
  AppLocker-Based EDR Neutralization
  ☆216Updated 2 weeks ago
• NVISOsecurity / codasm
  Payload encoding utility to effectively lower payload entropy.
  ☆120Updated 8 months ago
• 0xJs / EnumEDRs
  Enumerate active EDR's on the system
  ☆148Updated 3 months ago
• yo-yo-yo-jbo / commandline_spoofing
  Commandline spoofing on Windows
  ☆89Updated last month
• Kudaes / MFTool
  Direct access to NTFS volumes
  ☆292Updated 3 months ago
• 0xsch1zo / NullGate
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆164Updated 5 months ago
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆54Updated 7 months ago
• Maldev-Academy / TrapFlagForSyscalling
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆137Updated 4 months ago
• MatheuZSecurity / ElfDoor-gcc
  ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
  ☆132Updated 8 months ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆101Updated 6 months ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆207Updated 10 months ago
• CyberSecurityUP / Offensive-Windows-Drivers-Development
  ☆164Updated 9 months ago
• eversinc33 / TriageMCP
  Vibe Malware Triage - MCP server for static PE analysis.
  ☆74Updated last month
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆274Updated last year
• 0xJs / BlockEDRTraffic
  Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows …
  ☆256Updated 3 months ago
• mannyfred / MentalTi
  Mentally ill EtwTi parser
  ☆67Updated 2 months ago
• reecdeep / hollowise
  Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …
  ☆39Updated 10 months ago
• r0keb / TrashFormer
  A 64 bit executable junk code engine for polymorphic malware.
  ☆74Updated 6 months ago
• wesmar / kvc
  KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulatio…
  ☆135Updated 2 weeks ago