Alternatives and similar repositories for MDE_Enum

Users that are interested in MDE_Enum are comparing it to the libraries listed below

• ricardojoserf / NativeDump

  View on GitHub
  Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
  ☆698May 7, 2025Updated 9 months ago
• rasta-mouse / CsWhispers

  View on GitHub
  Source generator to add D/Invoke and indirect syscall methods to a C# project.
  ☆186Mar 4, 2024Updated last year
• CICADA8-Research / RemoteKrbRelay

  View on GitHub
  Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
  ☆635May 8, 2025Updated 9 months ago
• AlteredSecurity / Disable-TamperProtection

  View on GitHub
  A POC to disable TamperProtection and other Defender / MDE components
  ☆254Jun 6, 2024Updated last year
• synacktiv / Invoke-RunAsWithCert

  View on GitHub
  A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.
  ☆171May 13, 2024Updated last year
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆96Dec 24, 2024Updated last year
• vxCrypt0r / Voidgate

  View on GitHub
  A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…
  ☆591Jun 12, 2024Updated last year
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆536May 9, 2025Updated 9 months ago
• Meowmycks / LetMeowIn

  View on GitHub
  A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
  ☆442Jul 8, 2024Updated last year
• decoder-it / KrbRelay-SMBServer

  View on GitHub
  ☆235Oct 8, 2024Updated last year
• nettitude / SharpConflux

  View on GitHub
  ☆65Mar 15, 2024Updated last year
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆678Oct 23, 2024Updated last year
• 0xEr3bus / RdpStrike

  View on GitHub
  Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
  ☆249Jun 11, 2024Updated last year
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• rtecCyberSec / Packer_Development

  View on GitHub
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆282Jun 15, 2024Updated last year
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 6 months ago
• Mr-Un1k0d3r / .NetConfigLoader

  View on GitHub
  .net config loader
  ☆348Nov 9, 2023Updated 2 years ago
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• MzHmO / Parasite-Invoke

  View on GitHub
  Hide your P/Invoke signatures through other people's signed assemblies
  ☆211Mar 10, 2024Updated last year
• CCob / Shwmae

  View on GitHub
  ☆160Jan 27, 2025Updated last year
• vxCrypt0r / AMSI_VEH

  View on GitHub
  A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
  ☆167May 30, 2024Updated last year
• synacktiv / DLHell

  View on GitHub
  Local & remote Windows DLL Proxying
  ☆170Jun 17, 2024Updated last year
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆194Nov 27, 2024Updated last year
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV

  View on GitHub
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆288May 27, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• Mayyhem / Maestro

  View on GitHub
  Abusing Azure services over C2
  ☆368Jan 20, 2026Updated 3 weeks ago
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆432Dec 21, 2023Updated 2 years ago
• itaymigdal / LOLSpoof

  View on GitHub
  An interactive shell to spoof some LOLBins command line
  ☆188Jan 27, 2024Updated 2 years ago
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆164Oct 5, 2024Updated last year
• d419h / IconJector

  View on GitHub
  Inject DLLs into the explorer process using icons
  ☆403May 18, 2025Updated 8 months ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• floesen / KExecDD

  View on GitHub
  Admin to Kernel code execution using the KSecDD driver
  ☆264Apr 19, 2024Updated last year
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆296Jul 31, 2024Updated last year
• trustedsec / The_Shelf

  View on GitHub
  Retired TrustedSec Capabilities
  ☆248Jan 5, 2026Updated last month
• ZERODETECTION / MSC_Dropper

  View on GitHub
  ☆248Jul 31, 2024Updated last year
• EvanMcBroom / lsa-whisperer

  View on GitHub
  Tools for interacting with authentication packages using their individual message protocols
  ☆368Feb 1, 2026Updated 2 weeks ago
• nbaertsch / AutoAppDomainHijack

  View on GitHub
  Automated .NET AppDomain hijack payload generation
  ☆129Feb 4, 2025Updated last year
• Ridter / atexec-pro

  View on GitHub
  Fileless atexec, no more need for port 445
  ☆404Mar 28, 2024Updated last year
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆211Dec 14, 2023Updated 2 years ago