Alternatives and similar repositories for HolyGrail

Users that are interested in HolyGrail are comparing it to the libraries listed below

• maxDcb / C2Implant
  Windows C++ Implant for Exploration C2
  ☆45Updated last month
• hwbp / LazyHook
  Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.
  ☆126Updated last month
• ANYLNK / NSecSoftBYOVD
  NSecSoftBYOVD POC
  ☆53Updated 4 months ago
• 0xTriboulet / scepter-rs
  A hacky way of getting cross-arch/platform support in Cobalt Strike
  ☆38Updated 4 months ago
• wolfcod / beacondbg
  Beacon Debugger
  ☆55Updated last year
• internetangel / ZeroCrumb
  Dumping App Bound Protected Credentials & Cookies Without Privileges.
  ☆167Updated 7 months ago
• NUL0x4C / HookingLsassForCredentials
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆61Updated 8 months ago
• fern89 / C2
  A basic C2 framework written in C
  ☆60Updated last year
• WKL-Sec / StackMask
  A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
  ☆66Updated 2 years ago
• 0xTriboulet / rdll-rs
  A reflective DLL development template for the Rust programming language
  ☆112Updated 2 months ago
• EvilBytecode / IDontLikeFileLocks
  Title is self explaining, well theres few methods we can do to read locked file and play with it...
  ☆80Updated 2 weeks ago
• 0xedh / DEFCON33-KillChainReloaded
  Repository for the DEF CON 33 talk: Kill Chain Reloaded
  ☆77Updated 5 months ago
• Whitecat18 / static_encrypt
  Static Encrypt is an crate that encrypts string literals at compile time and only decrypted at runtime when needed.
  ☆45Updated this week
• EvilBytecode / Nyx-Full-Dll-Unhook
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆50Updated 7 months ago
• outflanknl / nix_bof_template
  Beacon Object File (BOF) Template
  ☆61Updated last year
• entropy-z / PostEx-Arsenal
  Arsenal of modules to beacon postex
  ☆92Updated last month
• oldboy21 / SyscallMeMaybe
  Implementation of Indirect Syscall technique to pop a calc.exe
  ☆113Updated last year
• Ap3x / COFF-Loader
  A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader
  ☆64Updated 2 years ago
• Cracked5pider / kaine-assembly
  a demo module for the kaine agent to execute and inject assembly modules
  ☆42Updated last year
• TwoSevenOneT / DefenderWrite
  A tool that supports finding and abusing whitelisted programs to allow arbitrary file writing into the executable folder of Antivirus sof…
  ☆80Updated 2 months ago
• Teach2Breach / snapinject_rs
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆50Updated 11 months ago
• ofasgard / execute-assembly-pico
  A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
  ☆124Updated last month
• ProcessusT / HavocHub
  PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are rela…
  ☆43Updated 6 months ago
• ph3n1x007 / EarlyBirdNTDLL
  ☆37Updated 2 years ago
• Teach2Breach / phantom_persist_rs
  Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence
  ☆62Updated 6 months ago
• Meowmycks / etwunhook
  Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.
  ☆53Updated last year
• kyxiaxiang / AV_EDR_EPP_Notes
  ☆62Updated last year
• 0x3rhy / BypassCredGuard-BOF
  BypassCredGuard CS BOF
  ☆48Updated 11 months ago
• joaoviictorti / coffeeldr
  A COFF Loader written in Rust
  ☆133Updated last month
• djackreuter / btexec
  Execute shellcode via Bluetooth device authentication
  ☆40Updated 11 months ago