Alternatives and similar repositories for NTSleuth

Users that are interested in NTSleuth are comparing it to the libraries listed below

• OtterHacker / Hooker
  ☆108Updated 10 months ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆161Updated 9 months ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆114Updated last year
• dis0rder0x00 / obex
  Obex – Blocking unwanted DLLs in user mode
  ☆80Updated this week
• rad9800 / talks
  ☆59Updated 4 months ago
• eversinc33 / TriageMCP
  Vibe Malware Triage - MCP server for static PE analysis.
  ☆68Updated 4 months ago
• whokilleddb / function-collections
  A collection of PoCs to do common things in unconventional ways
  ☆111Updated 3 weeks ago
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆50Updated 4 months ago
• r0keb / TrashFormer
  A 64 bit executable junk code engine for polymorphic malware.
  ☆69Updated 3 months ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆100Updated 3 months ago
• eversinc33 / PSXecute
  MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.
  ☆120Updated 9 months ago
• Kudaes / Eclipse
  Activation Context Hijack
  ☆165Updated last month
• NVISOsecurity / codasm
  Payload encoding utility to effectively lower payload entropy.
  ☆119Updated 5 months ago
• Dor00tkit / BamExtensionTableHook
  Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…
  ☆89Updated 2 months ago
• reecdeep / hollowise
  Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …
  ☆38Updated 7 months ago
• Maldev-Academy / TrapFlagForSyscalling
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆115Updated 3 weeks ago
• mez-0 / citadel
  A Payload Analysis Framework
  ☆84Updated 2 months ago
• pulpocaminante / PPL-0day
  Demoting PPL anti-malware services to less than a guest user
  ☆63Updated 7 months ago
• mannyfred / MentalTi
  Mentally ill EtwTi parser
  ☆65Updated last week
• t-tani / defender2yara
  Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
  ☆122Updated this week
• Archie-osu / PowerHook
  Hooking KPRCB IdlePreselect function to gain execution inside PID 0.
  ☆68Updated 5 months ago
• rad9800 / FileRenameJunctionsEDRDisable
  ☆157Updated 9 months ago
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆79Updated 3 months ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆199Updated 7 months ago
• TwoSevenOneT / CreateProcessAsPPL
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆190Updated last week
• woldann / NThread
  Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook…
  ☆55Updated 2 weeks ago
• deepinstinct / ShimMe
  ☆146Updated 10 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆206Updated 8 months ago
• kr0tt / EarlyExceptionHandling
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆62Updated 3 weeks ago
• mannyfred / SentinelBruh
  Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
  ☆42Updated last year