CylanceVulnResearch/ReflectiveDLLRefresher external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

CylanceVulnResearch/ReflectiveDLLRefresher

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/CylanceVulnResearch/ReflectiveDLLRefresher)

Close

CylanceVulnResearch / ReflectiveDLLRefresherView on GitHubMore

• External links
• Readme badge

Universal Unhooking

☆326Sep 19, 2018Updated 7 years ago

Alternatives and similar repositories for ReflectiveDLLRefresher

Users that are interested in ReflectiveDLLRefresher are comparing it to the libraries listed below

• forrest-orr / phantom-dll-hollower-poc

  View on GitHub
  Phantom DLL hollowing PoC
  ☆371May 23, 2022Updated 3 years ago
• CCob / goreflect

  View on GitHub
  Reflective DLL loading of your favorite Golang program
  ☆173Jan 27, 2020Updated 6 years ago
• outflanknl / TamperETW

  View on GitHub
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆192Mar 26, 2020Updated 5 years ago
• Accenture / CLRvoyance

  View on GitHub
  Managed assembly shellcode generation
  ☆280Mar 19, 2021Updated 4 years ago
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆282Sep 18, 2021Updated 4 years ago
• outflanknl / FindObjects-BOF

  View on GitHub
  A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…
  ☆275May 3, 2023Updated 2 years ago
• outflanknl / InlineWhispers

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
  ☆321Nov 9, 2021Updated 4 years ago
• forrest-orr / artifacts-kit

  View on GitHub
  Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windo…
  ☆233Mar 18, 2024Updated last year
• monoxgas / Koppeling

  View on GitHub
  Adaptive DLL hijacking / dynamic export forwarding
  ☆807Jul 6, 2020Updated 5 years ago
• zeroSteiner / crimson-forge

  View on GitHub
  Sustainable shellcode evasion
  ☆112Dec 11, 2024Updated last year
• FSecureLABS / Ninjasploit

  View on GitHub
  A meterpreter extension for applying hooks to avoid windows defender memory scans
  ☆249Aug 13, 2020Updated 5 years ago
• med0x2e / ExecuteAssembly

  View on GitHub
  Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…
  ☆595Jul 26, 2021Updated 4 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆293Dec 3, 2023Updated 2 years ago
• rasta-mouse / TikiTorch

  View on GitHub
  Process Injection
  ☆766Oct 24, 2021Updated 4 years ago
• jthuraisamy / SysWhispers

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,990Jan 1, 2023Updated 3 years ago
• jthuraisamy / TelemetrySourcerer

  View on GitHub
  Enumerate and disable common sources of telemetry used by AV/EDR.
  ☆819Mar 11, 2021Updated 4 years ago
• b4rtik / ATPMiniDump

  View on GitHub
  Evading WinDefender ATP credential-theft
  ☆255Dec 2, 2019Updated 6 years ago
• phra / PEzor

  View on GitHub
  Open-Source Shellcode & PE Packer
  ☆2,069Feb 3, 2024Updated 2 years ago
• outflanknl / Dumpert

  View on GitHub
  LSASS memory dumper using direct system calls and API unhooking.
  ☆1,576Jan 5, 2021Updated 5 years ago
• hoangprod / AndrewSpecial

  View on GitHub
  AndrewSpecial, dumping lsass' memory stealthily and bypassing "Cilence" since 2019.
  ☆390Jun 2, 2019Updated 6 years ago
• monoxgas / sRDI

  View on GitHub
  Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
  ☆2,503Nov 15, 2023Updated 2 years ago
• nettitude / RunOF

  View on GitHub
  ☆153Jan 6, 2023Updated 3 years ago
• med0x2e / NoAmci

  View on GitHub
  Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
  ☆219Mar 5, 2020Updated 6 years ago
• outflanknl / Ps-Tools

  View on GitHub
  Ps-Tools, an advanced process monitoring toolkit for offensive operations
  ☆355Dec 1, 2020Updated 5 years ago
• hasherezade / module_overloading

  View on GitHub
  A more stealthy variant of "DLL hollowing"
  ☆363Mar 8, 2024Updated last year
• jackullrich / ShellcodeStdio

  View on GitHub
  An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.
  ☆533Jul 2, 2025Updated 8 months ago
• thefLink / RecycledGate

  View on GitHub
  Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
  ☆499Feb 3, 2022Updated 4 years ago
• outflanknl / WdToggle

  View on GitHub
  A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
  ☆220May 3, 2023Updated 2 years ago
• rokups / ReflectiveLdr

  View on GitHub
  Position-idependent Windows DLL loader based on ReflectiveDLL project.
  ☆101Nov 5, 2018Updated 7 years ago
• JLospinoso / gargoyle

  View on GitHub
  A memory scanning evasion technique
  ☆899May 24, 2017Updated 8 years ago
• ajpc500 / BOFs

  View on GitHub
  Collection of Beacon Object Files
  ☆633Nov 1, 2022Updated 3 years ago
• mdsecactivebreach / firewalker

  View on GitHub
  ☆155Aug 17, 2020Updated 5 years ago
• mgeeky / UnhookMe

  View on GitHub
  UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …
  ☆349Jul 3, 2022Updated 3 years ago
• dismantl / ImprovedReflectiveDLLInjection

  View on GitHub
  An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security
  ☆341Jul 30, 2017Updated 8 years ago
• ionescu007 / faxhell

  View on GitHub
  A Bind Shell Using the Fax Service and a DLL Hijack
  ☆332May 3, 2020Updated 5 years ago
• boku7 / HOLLOW

  View on GitHub
  EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…
  ☆291Mar 8, 2023Updated 2 years ago
• CCob / SharpBlock

  View on GitHub
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,163Mar 31, 2021Updated 4 years ago
• NytroRST / ShellcodeCompiler

  View on GitHub
  Shellcode Compiler
  ☆1,149Sep 1, 2024Updated last year
• RedSiege / EXCELntDonut

  View on GitHub
  Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory.
  ☆513Sep 23, 2020Updated 5 years ago