Alternatives and similar repositories for rootkit

Users that are interested in rootkit are comparing it to the libraries listed below

• aaaddress1 / Lexa
  Windows Application Loader Running *.Exe files in Memory against Scrylla
  ☆21Updated 5 years ago
• y11en / r0ak
  r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems
  ☆14Updated 6 years ago
• d35ha / xKeLogger
  Kernel mode windows NT API logger
  ☆22Updated 5 years ago
• tsarpaul / WinRpcTutorial
  A working version of this tutorial: https://docs.microsoft.com/en-us/windows/desktop/rpc/tutorial
  ☆16Updated 6 years ago
• byck01 / KernelBugTest
  KernelBugTest
  ☆15Updated 7 years ago
• codingtest / EMET
  reversed emet tool
  ☆24Updated 12 years ago
• epakskape / greenshellcode
  Green shellcode challenge tools
  ☆22Updated 6 years ago
• Darkabode / amte
  Analysis and Modification Tool for Executables
  ☆16Updated 6 years ago
• emc2314 / PEZEncrypt
  PE Infector/Cryptor source code
  ☆15Updated 8 years ago
• NtRaiseHardError / Providence
  Kernel-mode file scanner
  ☆18Updated 6 years ago
• OrShazam / ChainEngine
  automates exploits using ROP chains, using ntdll-scraper
  ☆16Updated 3 years ago
• Darkabode / possessor
  User-mode part of Zerokit platform
  ☆20Updated 6 years ago
• humeafo / scc
  a C/C++ shellcode compiler based on llvm/clang
  ☆36Updated 9 years ago
• Darkabode / 0lib
  Zerokit shared code
  ☆16Updated 6 years ago
• blaquee / APCHook
  hooking KiUserApcDispatcher
  ☆24Updated 8 years ago
• hasherezade / loaderine
  A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
  ☆19Updated 7 years ago
• waleedassar / SyscallNumberFinder
  ☆33Updated 3 years ago
• 0xhido / BlueLight
  Open-source EDR kernel-component for system monitoring and DLL injection
  ☆31Updated 4 years ago
• frego / fwshell
  Reverse Windows shell over TLS
  ☆19Updated 9 years ago
• t57root / amcsh
  A More Comfortable (remote) SHell with full pty support and both reverse / bindport connection mode.
  ☆30Updated 12 years ago
• OsandaMalith / PESecInfo
  A simple tool to view important DLL Characteristics and change DEP and ASLR
  ☆44Updated 6 years ago
• Nerlant / SyscallDumper
  ☆19Updated 6 years ago
• SLAUC91 / DLLFinder
  Enumerate the DLLs/Modules using NtQueryVirtualMemory
  ☆32Updated 10 years ago
• dro / uac-launchinf-poc
  Windows 10 UAC bypass PoC using LaunchInfSection
  ☆34Updated 6 years ago
• NtRaiseHardError / Windows-Binary-Exploitation
  Resources from my journey into Windows binary exploitation
  ☆22Updated 6 years ago
• zhuhuibeishadiao / exploit-RemoteDesktopServerDriver
  exploit termdd.sys(support kb4499175)
  ☆59Updated 5 years ago
• eLoopWoo / kernel-drivers-windows
  Modify data structures in the Windows kernel, hiding processes by PID
  ☆15Updated 7 years ago
• NoviceLive / shellcoding
  Introduce you to shellcode development.
  ☆23Updated 9 years ago
• wanttobeno / wmifilter
  驱动层拦截web访问源码
  ☆29Updated 7 years ago
• n3k / misc_exploits_pocs
  Miscellaneous old Exploit code and PoCs
  ☆16Updated 8 months ago