Alternatives and similar repositories for Amaterasu

Users that are interested in Amaterasu are comparing it to the libraries listed below

• kyxiaxiang / AV_EDR_EPP_Notes
  ☆47Updated last year
• yzddmr6 / SharpAlternativeShellcodeExec
  Alternative Shellcode Execution Via Callbacks Rewrite In C#
  ☆88Updated 2 years ago
• BronzeTicket / ClipboardWindow-Inject
  CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback
  ☆69Updated 2 years ago
• Kara-4search / SysCall_ShellcodeLoad_Csharp
  Load shellcode via syscall
  ☆54Updated 3 years ago
• evilashz / Visual-Studio-BOF-template
  more conveniently Visual-Studio-BOF-template
  ☆65Updated last year
• Ryze-T / EdrKiller
  ☆91Updated 3 years ago
• bestspear / ReBeacon_ForClang
  Beacon compiled using clang
  ☆69Updated 2 years ago
• coleak2021 / vehsyscall
  vehsyscall:a syscall project that may bypass EDR
  ☆59Updated last year
• Octoberfest7 / KillDefender_BOF
  Beacon Object File implementation of pwn1sher's KillDefender
  ☆66Updated 2 years ago
• hid3rx / PEPacker
  ☆95Updated last year
• Haunted-Banshee / Shellcode-Hastur
  Shellcode Reductio Entropy Tools
  ☆67Updated last year
• b4nbird / shellcodeLoaders
  ☆26Updated last year
• Ethicalrat / Evasive-Loader
  Evasive loader to bypass static detection
  ☆60Updated last year
• ASkyeye / FilelessRemotePE
  Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique
  ☆63Updated 2 years ago
• howmp / donut_ollvm
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆49Updated last year
• Nero22k / cve-2023-36802
  Exploit for CVE-2023-36802 targeting MSKSSRV.SYS driver
  ☆112Updated last year
• timwhitez / BinHol
  Binary Hollowing
  ☆76Updated 8 months ago
• baiyies / ScreenshotBOFPlus
  Take a screenshot without injection for Cobalt Strike
  ☆190Updated last year
• 0x3rhy / AddUser-Bof
  Cobalt Strike BOF that Add an admin user
  ☆73Updated 2 years ago
• evilashz / PigSyscall
  An implementation of an indirect system call
  ☆127Updated last year
• hackerhouse-opensource / ColorDataProxyUACBypass
  Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC b…
  ☆138Updated 2 years ago
• XiaoliChan / LDAPShell
  A wrapper of ldap_shell.py module which in ntlmrelayx
  ☆62Updated 2 years ago
• Cobalt-Strike / sleepmask-vs
  A simple Sleepmask BOF example
  ☆101Updated 9 months ago
• Hagrid29 / BOF-DCOMPotato-PrintNotify
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆49Updated 2 years ago
• timwhitez / killProcessPOC
  use aswArPot.sys to kill process
  ☆67Updated 2 years ago
• Hagrid29 / DuplicateDump
  Dumping LSASS with a duplicated handle from custom LSA plugin
  ☆201Updated 3 years ago
• AgeloVito / adduserbysamr-bof
  Cobalt Strike BOF that Add a user to localgroup by samr
  ☆129Updated 2 years ago
• alfarom256 / StinkyLoader
  It stinks
  ☆102Updated 3 years ago
• kyxiaxiang / CrackSleeve4.9
  ☆40Updated last year
• AgeloVito / self_delete_bof
  BOF implementation of delete self poc that delete a locked executable or a currently running file from disk by its pid, path, or the curr…
  ☆74Updated last year