CICADA8-Research/IHxExec

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/CICADA8-Research/IHxExec)

CICADA8-Research / IHxExec

Process injection alternative

☆406

Alternatives and similar repositories for IHxExec

Users that are interested in IHxExec are comparing it to the libraries listed below

Sorting:

JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
senzee1984 / EDRPrison
View on GitHub
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
☆458Aug 2, 2024Updated last year
CICADA8-Research / TypeLibWalker
View on GitHub
TypeLib persistence technique
☆140Oct 22, 2024Updated last year
CICADA8-Research / COMThanasia
View on GitHub
A set of programs for analyzing common vulnerabilities in COM
☆248Sep 8, 2024Updated last year
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆681Oct 23, 2024Updated last year
MalwareTech / EDR-Preloader
View on GitHub
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
☆541Feb 13, 2024Updated 2 years ago
antonioCoco / SspiUacBypass
View on GitHub
Bypassing UAC with SSPI Datagram Contexts
☆462Sep 24, 2023Updated 2 years ago
deepinstinct / DCOMUploadExec
View on GitHub
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
☆382Dec 13, 2024Updated last year
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆325Apr 12, 2024Updated last year
WKL-Sec / LayeredSyscall
View on GitHub
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
☆298Jul 31, 2024Updated last year
Ridter / atexec-pro
View on GitHub
Fileless atexec, no more need for port 445
☆404Mar 28, 2024Updated last year
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆244Jul 2, 2024Updated last year
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆268Dec 13, 2024Updated last year
T3nb3w / ComDotNetExploit
View on GitHub
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
☆334Mar 6, 2025Updated 11 months ago
icyguider / UAC-BOF-Bonanza
View on GitHub
Collection of UAC Bypass Techniques Weaponized as BOFs
☆609Feb 21, 2024Updated 2 years ago
Octoberfest7 / enumhandles_BOF
View on GitHub
☆126Sep 1, 2024Updated last year
ElliotKillick / LdrLockLiberator
View on GitHub
For when DLLMain is the only way
☆424Oct 29, 2024Updated last year
0xEr3bus / RdpStrike
View on GitHub
Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
☆250Jun 11, 2024Updated last year
passthehashbrowns / VectoredExceptionHandling
View on GitHub
☆108Aug 21, 2024Updated last year
CICADA8-Research / RemoteKrbRelay
View on GitHub
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
☆637May 8, 2025Updated 9 months ago
ricardojoserf / NativeDump
View on GitHub
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
☆701May 7, 2025Updated 9 months ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆434Dec 21, 2023Updated 2 years ago
ricardojoserf / TrickDump
View on GitHub
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
☆539May 9, 2025Updated 9 months ago
helviojunior / hookchain
View on GitHub
HookChain: A new perspective for Bypassing EDR Solutions
☆590Jan 5, 2025Updated last year
itm4n / PPLrevenant
View on GitHub
Bypass LSA protection using the BYODLL technique
☆172Sep 21, 2024Updated last year
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆368Apr 19, 2023Updated 2 years ago
klezVirus / DriverJack
View on GitHub
Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
☆360Aug 11, 2024Updated last year
CICADA8-Research / Spyndicapped
View on GitHub
COM ViewLogger — new malware keylogging technique
☆405Jan 6, 2025Updated last year
MzHmO / NtlmThief
View on GitHub
Extracting NetNTLM without touching lsass.exe
☆244Nov 27, 2023Updated 2 years ago
RedSiege / GraphStrike
View on GitHub
Cobalt Strike HTTPS beaconing over Microsoft Graph API
☆622Jun 25, 2024Updated last year
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆779Jan 26, 2026Updated last month
EvanMcBroom / perfect-loader
View on GitHub
Load a dynamic library from memory by modifying the native Windows loader
☆286Jun 18, 2025Updated 8 months ago
rad9800 / BootExecuteEDR
View on GitHub
☆409Dec 8, 2024Updated last year
netero1010 / GhostTask
View on GitHub
A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
☆614Jan 2, 2025Updated last year
Tw1sm / SQL-BOF
View on GitHub
Library of BOFs to interact with SQL servers
☆223Dec 3, 2025Updated 3 months ago
RalfHacker / Kerbeus-BOF
View on GitHub
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
☆546Nov 23, 2025Updated 3 months ago
dobin / RedEdr
View on GitHub
Collect Windows telemetry for Maldev
☆460Jan 30, 2026Updated last month
kyleavery / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆1,006Jun 4, 2024Updated last year
rad9800 / FileRenameJunctionsEDRDisable
View on GitHub
☆159Dec 13, 2024Updated last year