Alternatives and similar repositories for conti_locker

Users that are interested in conti_locker are comparing it to the libraries listed below

• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆294Dec 3, 2023Updated 2 years ago
• Cracked5pider / KaynLdr

  View on GitHub
  KaynLdr is a Reflective Loader written in C/ASM
  ☆555Dec 3, 2023Updated 2 years ago
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,294Mar 21, 2025Updated 10 months ago
• XaFF-XaFF / Cronos-Rootkit

  View on GitHub
  Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
  ☆933Mar 29, 2022Updated 3 years ago
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆105Apr 22, 2022Updated 3 years ago
• Yaxser / COFFLoader2

  View on GitHub
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆226Sep 13, 2022Updated 3 years ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆621Sep 26, 2023Updated 2 years ago
• Cracked5pider / Ekko

  View on GitHub
  Sleep Obfuscation
  ☆814Dec 3, 2023Updated 2 years ago
• trustedsec / Windows-MS-LSAT-RPC-Example

  View on GitHub
  Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD
  ☆28Jan 4, 2024Updated 2 years ago
• trickster0 / TartarusGate

  View on GitHub
  TartarusGate, Bypassing EDRs
  ☆649Jan 25, 2022Updated 4 years ago
• 0xhido / BlueLight

  View on GitHub
  Open-source EDR kernel-component for system monitoring and DLL injection
  ☆33Nov 14, 2020Updated 5 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,004Jun 4, 2024Updated last year
• joe-desimone / patriot

  View on GitHub
  ☆153Jul 31, 2022Updated 3 years ago
• mdsecactivebreach / com_inject

  View on GitHub
  ☆206Apr 5, 2022Updated 3 years ago
• Sh0ckFR / Lockbit3.0-MpClient-Defender-PoC

  View on GitHub
  Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC
  ☆177Aug 1, 2022Updated 3 years ago
• Hildaboo / BabukRansomwareSourceCode

  View on GitHub
  Leaked source code of the babuk ransomware by VXUG
  ☆288Sep 11, 2023Updated 2 years ago
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,585Jul 31, 2024Updated last year
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• reveng007 / ReflectiveNtdll

  View on GitHub
  A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…
  ☆181Feb 10, 2023Updated 3 years ago
• Narumiii / phantommap

  View on GitHub
  Phantom DLL Hollowing method implemented in modmap
  ☆18Jun 9, 2021Updated 4 years ago
• bb107 / ServiceCall

  View on GitHub
  Interprocess communication library, providing the ability to call functions from each other
  ☆20Oct 3, 2019Updated 6 years ago
• Crypt0s / Ekko_CFG_Bypass

  View on GitHub
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆113Aug 29, 2022Updated 3 years ago
• NUL0x4C / DeleteShadowCopies

  View on GitHub
  Deleting Shadow Copies In Pure C++
  ☆118Oct 31, 2022Updated 3 years ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• zeroperil / HookDump

  View on GitHub
  Security product hook detection
  ☆323Mar 30, 2021Updated 4 years ago
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆138Sep 12, 2022Updated 3 years ago
• mdsecactivebreach / ParallelSyscalls

  View on GitHub
  ☆169Jan 7, 2022Updated 4 years ago
• APTortellini / DefenderSwitch

  View on GitHub
  Stop Windows Defender using the Win32 API
  ☆193Feb 2, 2022Updated 4 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆274Jan 23, 2025Updated last year
• mgeeky / ShellcodeFluctuation

  View on GitHub
  An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…
  ☆1,083Jun 17, 2022Updated 3 years ago
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆718Jul 19, 2023Updated 2 years ago
• paranoidninja / PIC-Get-Privileges

  View on GitHub
  Building and Executing Position Independent Shellcode from Object Files in Memory
  ☆166Jan 30, 2021Updated 5 years ago
• boku7 / BokuLoader

  View on GitHub
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆1,398Nov 22, 2023Updated 2 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆504Aug 14, 2022Updated 3 years ago
• Wra7h / FlavorTown

  View on GitHub
  Various ways to execute shellcode
  ☆508Mar 13, 2024Updated last year
• janoglezcampos / rust_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆230Mar 23, 2023Updated 2 years ago
• RistBS / ContextMenuHijack

  View on GitHub
  Execute a payload at each right click on a file/folder in the explorer menu for persistence
  ☆176Mar 15, 2023Updated 2 years ago
• nettitude / RunOF

  View on GitHub
  ☆152Jan 6, 2023Updated 3 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆243Sep 26, 2023Updated 2 years ago