☆11 · Feb 19, 2023 · Updated 3 years ago
Alternatives and similar repositories for windows
Users that are interested in windows are comparing it to the libraries listed below
- Inject unsigned DLL into Protected Process Light (PPL) ☆41 · May 8, 2025 · Updated 10 months ago
- Anti-Rootkit Tool for Windows ☆12 · Mar 24, 2025 · Updated 11 months ago
- A BOF to create a scheduled task using a COM object. ☆16 · Dec 3, 2024 · Updated last year
- Change hash for a signed pe ☆17 · Jul 18, 2023 · Updated 2 years ago
- Some crazy PE executables protection kernel driver ☆20 · May 2, 2020 · Updated 5 years ago
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en… ☆44 · Sep 22, 2024 · Updated last year
- Beacon compiled using clang ☆71 · Jan 22, 2023 · Updated 3 years ago
- A collection of BOF tools for use in cobaltstrike; BOFs gathered, organized and verified to work well. ☆17 · Sep 30, 2021 · Updated 4 years ago
- my exp for CVE-2020-27194, tested on linux kernel 5.8.14. ☆15 · Feb 3, 2021 · Updated 5 years ago
- A small commented POC for removing API hooks placed by AV/EDR. ☆34 · Jun 12, 2020 · Updated 5 years ago
- Bootkit driver mapping; ring-3 process injection that loads a specified module ☆14 · Oct 8, 2024 · Updated last year
- Quickly check whether a phone has been attacked by an APT by analyzing its traffic ☆35 · Oct 19, 2025 · Updated 5 months ago
- ☆14 · Sep 5, 2024 · Updated last year
- AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP. ☆52 · Mar 13, 2026 · Updated last week
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler ☆30 · Jul 12, 2021 · Updated 4 years ago
- Process hiding library ☆19 · Feb 23, 2020 · Updated 6 years ago
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0. ☆17 · Jul 22, 2022 · Updated 3 years ago
- Run "whatever you want" as TrustedInstaller ☆19 · Dec 1, 2018 · Updated 7 years ago
- A simple BOF that disables some logging with NtSetInformationProcess ☆14 · Oct 13, 2023 · Updated 2 years ago
- WinAPI DllMain() and its hook in Golang. To build & run in bash: $ make ☆23 · Oct 30, 2018 · Updated 7 years ago
- Etwti-UnhookPOC just for test ☆12 · Aug 23, 2022 · Updated 3 years ago
- ☆17 · Aug 25, 2022 · Updated 3 years ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi… ☆19 · Apr 24, 2023 · Updated 2 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. ☆14 · Jul 9, 2023 · Updated 2 years ago
- IDA Pro plugin to aid with the analysis of native IIS modules ☆21 · Aug 1, 2024 · Updated last year
- A Cobalt Strike beacon implemented in Nim. ☆26 · Jul 16, 2025 · Updated 8 months ago
- creddump bypass AV ☆42 · Nov 6, 2020 · Updated 5 years ago
- Xiezhi (獬廌) power tool: a comprehensive CobaltStrike framework ☆10 · Oct 15, 2022 · Updated 3 years ago
- ☆20 · Feb 1, 2026 · Updated last month
- Kill Protected Process Light Process (include av) ☆57 · Sep 15, 2023 · Updated 2 years ago
- Purple Team Dropper generator using open source templates. ☆17 · May 23, 2024 · Updated last year
- ☆15 · Nov 24, 2022 · Updated 3 years ago
- C# project to Reflectively load .Net assemblies in memory ☆19 · Jun 19, 2024 · Updated last year
- This tool is used to handle firmware that binwalk cannot unpack directly and is mainly used for OOB removal, ECC removal, and bad block r… ☆18 · Nov 14, 2022 · Updated 3 years ago
- ☆11 · Mar 11, 2019 · Updated 7 years ago
- Get random bytes from the TPM (tool + BCrypt RNG provider) ☆17 · Nov 3, 2020 · Updated 5 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code ☆24 · Mar 13, 2023 · Updated 3 years ago
- Hacky code for extracting calls in DLLs by function ☆17 · Jun 3, 2022 · Updated 3 years ago
- Artefacts for Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land ☆11 · Jul 7, 2021 · Updated 4 years ago