Alternatives and similar repositories for Malwear-Sweet

Users that are interested in Malwear-Sweet are comparing it to the libraries listed below

• xrombar / flower

  View on GitHub
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆107Mar 25, 2024Updated last year
• S3cur3Th1sSh1t / Ruy-Lopez

  View on GitHub
  ☆319Jun 28, 2023Updated 2 years ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection

  View on GitHub
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆260Apr 29, 2023Updated 2 years ago
• connormcgarr / EATGuard

  View on GitHub
  Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)
  ☆115May 21, 2023Updated 2 years ago
• splexas / TrampHooker

  View on GitHub
  A mechanism that trampoline hooks functions in x86/x64 systems.
  ☆21Oct 9, 2024Updated last year
• dlima04 / thread-pool-injection

  View on GitHub
  PoC for thread pool based process injection in Windows.
  ☆121Mar 29, 2025Updated 10 months ago
• x0reaxeax / PageSplit

  View on GitHub
  Splitting and executing shellcode across multiple pages
  ☆103Jun 8, 2023Updated 2 years ago
• pygrum / gimmick

  View on GitHub
  Section-based payload obfuscation technique for x64
  ☆64Aug 8, 2024Updated last year
• x42en / sysplant

  View on GitHub
  Your syscall factory
  ☆126Jan 13, 2026Updated last month
• iilegacyyii / ThreadlessInject-BOF

  View on GitHub
  BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
  ☆394Jan 9, 2024Updated 2 years ago
• Real-Cryillic / Sarla

  View on GitHub
  It's what all the kids are talking about
  ☆12Apr 25, 2023Updated 2 years ago
• Crypt0s / Ekko_CFG_Bypass

  View on GitHub
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆113Aug 29, 2022Updated 3 years ago
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆276Jan 23, 2025Updated last year
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Jan 11, 2026Updated last month
• 0xTriboulet / Red_Team_Code_Snippets

  View on GitHub
  random code snippets, useful for getting started
  ☆122Nov 29, 2025Updated 2 months ago
• enkomio / BrokenFlow

  View on GitHub
  A simple PoC to invoke an encrypted shellcode by using an hidden call
  ☆116Nov 19, 2022Updated 3 years ago
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆282Jun 18, 2025Updated 7 months ago
• mr-r3bot / bof-modules

  View on GitHub
  BOF for C2 framework
  ☆44Nov 9, 2024Updated last year
• maziland / StackBombing

  View on GitHub
  Next gen process injection technique
  ☆54Jul 9, 2020Updated 5 years ago
• 0xv1n / proc-suspend

  View on GitHub
  powershell script i wrote that can suspend an arbitrary process (with limits)
  ☆22Mar 26, 2023Updated 2 years ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,199Oct 16, 2023Updated 2 years ago
• Wh04m1001 / GamingServiceEoP

  View on GitHub
  ☆150Mar 22, 2024Updated last year
• namazso / MagicSigner

  View on GitHub
  Signtool for expired certificates
  ☆515Jun 10, 2023Updated 2 years ago
• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆254Oct 16, 2024Updated last year
• SaadAhla / D1rkInject

  View on GitHub
  Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…
  ☆185Aug 2, 2023Updated 2 years ago
• OffenseTeacher / NimRekey

  View on GitHub
  ☆39May 20, 2023Updated 2 years ago
• rasta-mouse / MinHook.NET

  View on GitHub
  A C# port of the MinHook API hooking library
  ☆55Oct 5, 2022Updated 3 years ago
• 0xEr3bus / ShadowForgeC2

  View on GitHub
  ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats.
  ☆52Jul 15, 2023Updated 2 years ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆504Aug 14, 2022Updated 3 years ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆772Jan 26, 2026Updated 3 weeks ago
• EvanMcBroom / sleepy

  View on GitHub
  A lexer and parser for Sleep
  ☆20May 14, 2025Updated 9 months ago
• leftp / DPAPISnoop

  View on GitHub
  A C# tool to output crackable DPAPI hashes from user MasterKeys
  ☆140Sep 14, 2024Updated last year
• rbmm / RtlClone

  View on GitHub
  ☆42Feb 18, 2025Updated 11 months ago
• 0xTriboulet / Revenant

  View on GitHub
  Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
  ☆389Jul 30, 2024Updated last year
• deepinstinct / NoFilter

  View on GitHub
  ☆301Oct 29, 2024Updated last year