Alternatives and similar repositories for T-70

Users that are interested in T-70 are comparing it to the libraries listed below

• xpn / mythic_mcp

  View on GitHub
  A simple POC to expose Mythic as a MCP server
  ☆73Mar 20, 2025Updated 10 months ago
• tijme / nimplant-beacon-position-independent-c-code

  View on GitHub
  A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.
  ☆66Feb 11, 2025Updated last year
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• dmcxblue / PyObscura

  View on GitHub
  A python script that automates a C2 Profile build
  ☆48Dec 14, 2025Updated 2 months ago
• CroodSolutions / BypassIT

  View on GitHub
  BypassIT is a framework for covert malware delivery and post-exploitation using AutoIT for red / blue team self assessment.
  ☆45Jul 6, 2025Updated 7 months ago
• NtDallas / Svartalfheim

  View on GitHub
  Stage 0
  ☆169Dec 18, 2024Updated last year
• susMdT / clr-thing

  View on GitHub
  rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.
  ☆17Jan 6, 2024Updated 2 years ago
• Teach2Breach / NtCreateUserProcess_rs

  View on GitHub
  example using NtCreateUserProcess in rust
  ☆19Jan 20, 2025Updated last year
• 0xflux / Vectored-Exception-Handling-Squared

  View on GitHub
  Vectored Exception Handling Squared
  ☆29Dec 27, 2025Updated last month
• Teach2Breach / rpeloader

  View on GitHub
  use python on windows with full submodule support without installation
  ☆30Jan 23, 2025Updated last year
• Antonlovesdnb / ConstructingDefenseLab

  View on GitHub
  Ludus range for the Constructing Defense Lab
  ☆74Nov 10, 2025Updated 3 months ago
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆220Oct 30, 2025Updated 3 months ago
• tijme / relocatable

  View on GitHub
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆116Jan 20, 2025Updated last year
• EspressoCake / cIdentifyServiceDependencies_BOF

  View on GitHub
  Beacon Object File (BOF) for identifying dependent child services of a given parent.
  ☆18Jun 20, 2025Updated 7 months ago
• vxCrypt0r / Voidmaw

  View on GitHub
  A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
  ☆339Oct 7, 2024Updated last year
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated 11 months ago
• Teach2Breach / hollow_rs

  View on GitHub
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆30Feb 7, 2025Updated last year
• JJK96 / PIClin

  View on GitHub
  From C, Rust or Zig to binary shellcode compiler based on Mingw gcc. It allows using Win32 APIs and standard libraries without any change…
  ☆53Sep 22, 2025Updated 4 months ago
• HulkOperator / AuthStager

  View on GitHub
  ☆59Oct 24, 2024Updated last year
• 0xTriboulet / Abomination

  View on GitHub
  A synergized Visual Studio and Rust development environment
  ☆19Jan 25, 2025Updated last year
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆265Dec 13, 2024Updated last year
• BishopFox / sliver-wasm-stager

  View on GitHub
  A stager and implant that executes remote Web Assembly
  ☆33Feb 4, 2026Updated last week
• paranoidninja / PI-Tracker

  View on GitHub
  A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback …
  ☆14Oct 21, 2024Updated last year
• waawaa / Hooked-Injector

  View on GitHub
  Hooked create process injection for meterpreter
  ☆23Jun 16, 2021Updated 4 years ago
• silentwarble / hbin_template

  View on GitHub
  Post-Ex BOF tooling for Hannibal
  ☆24Nov 20, 2024Updated last year
• MythicAgents / Hannibal

  View on GitHub
  A Mythic Agent written in PIC C.
  ☆206Feb 4, 2025Updated last year
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆231Feb 12, 2025Updated last year
• OtterHacker / Hooker

  View on GitHub
  ☆109Oct 29, 2024Updated last year
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆38Aug 5, 2025Updated 6 months ago
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆72Sep 9, 2025Updated 5 months ago
• safedv / Rustic64

  View on GitHub
  64-bit, position-independent implant template for Windows in Rust.
  ☆172Nov 28, 2025Updated 2 months ago
• paranoidninja / BRC4-BOF-Artillery

  View on GitHub
  ☆145Nov 6, 2025Updated 3 months ago
• whokilleddb / sinister-vsix

  View on GitHub
  Blog/Journal on how to backdoor VSCode extensions
  ☆76Updated this week
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆135Apr 18, 2025Updated 9 months ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆128Oct 4, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• 0xTriboulet / T-1

  View on GitHub
  T-1 is a shellcode loader that leverages ML techniques to detect VM environments
  ☆34Oct 30, 2024Updated last year
• HulkOperator / Spoof-RetAddr

  View on GitHub
  ☆36Nov 8, 2024Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year