Alternatives and similar repositories for eBPFStudio:

Users that are interested in eBPFStudio are comparing it to the libraries listed below

• zodiacon / VerifierDLL
  Example of building an application verifer DLL
  ☆46Updated 11 months ago
• zodiacon / RemoteThreadDetection
  Remote Thread Detection with a Kernel Driver
  ☆30Updated 3 months ago
• 0xlane / com-process-inject
  Process Injection via Component Object Model (COM) IRundown::DoCallback().
  ☆59Updated 2 years ago
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆75Updated 2 weeks ago
• zodiacon / winnativeapibooksamples
  Samples from my book Windows Native API programming
  ☆61Updated this week
• securedglobe / PersistantService
  A persistant Windows Service Proof of Concept, where the Service will run after Restart or Shutdown, and invoke a given software executab…
  ☆38Updated last year
• OxNinja / C-VM
  My try to implement a virtual CPU in C
  ☆19Updated last year
• zodiacon / WinEventHooks
  SetWinEventHook Sample
  ☆47Updated last year
• wwh1004 / AmsiBypassUacDetector
  Detect BypassUAC using AMSI
  ☆23Updated 2 months ago
• repnz / rpcmon
  RPC Monitor based on The ETW Microsoft-Windows-Rpc provider
  ☆24Updated 5 years ago
• Artem-Malyi / windbg-cheat-sheet
  WinDbg cheat sheet
  ☆12Updated last year
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆92Updated 2 years ago
• hid3rx / GhostWriting
  ☆30Updated last year
• m417z / LdrDllNotificationHook
  Hook all callbacks which are registered with LdrRegisterDllNotification
  ☆86Updated last month
• jdu2600 / CFG-FindHiddenShellcode
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆117Updated last year
• zodiacon / TotalSystem
  View Windows System in action
  ☆39Updated last month
• ReCryptLLC / CVE-2022-42045
  ☆38Updated last year
• zodiacon / KObjects
  Sample for Creating a new kernel object type and supporting API
  ☆24Updated 7 months ago
• MahmoudZohdy / IAT-Obfuscation
  IAT-Obfuscation to make static analysis of executable harder.
  ☆42Updated 3 years ago
• 0xMegaByte / COM-Explained
  ☆25Updated 2 years ago
• zodiacon / WMIExplorer
  ☆17Updated 9 months ago
• waleedassar / SyscallNumberFinder
  ☆33Updated 3 years ago
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆90Updated 10 months ago
• je5442804 / CreateProcessInternalW-Full
  Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post
  ☆63Updated 8 months ago
• KangD1W2 / CVE-2021-26868
  ☆11Updated 4 years ago
• waleedassar / ALPC_CLIENT_SERVER
  Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.
  ☆21Updated 3 years ago
• not-matthias / vmprotect-rs
  Rust bindings for VMProtect.
  ☆25Updated last year
• tandasat / CVE-2022-25949
  A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.
  ☆38Updated 3 years ago
• zodiacon / TraceConnections
  Simple example for getting started with eBPF for Windows
  ☆44Updated 2 months ago
• m417z / x64dbg-symbol-tldr
  An x64dbg plugin which helps make sense of long C++ symbols
  ☆59Updated last year