Alternatives and similar repositories for PyinMemoryPE

Users that are interested in PyinMemoryPE are comparing it to the libraries listed below

• EvilBytecode / Shellcode-Loader
  This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.
  ☆85Updated 6 months ago
• Leo4j / ShellGen
  PowerShell script to generate ShellCode in various formats
  ☆43Updated last year
• brosck / L1LKiller
  「⚠️」Performing a BYOVD on the truesight.sys driver
  ☆44Updated 10 months ago
• 0xNinjaCyclone / PowerLoad3r
  Malicious powershell scripts loader designed to avoid detection.
  ☆58Updated 2 years ago
• p4p1 / havoc-ligolo
  A Havoc UI tool to pivot onto a machine using ligolo-ng
  ☆49Updated last year
• The-Viper-One / Invoke-RDPThief
  Inject RDPThief into memory with PowerShell.
  ☆65Updated 9 months ago
• Primusinterp / PrimusC2
  A C2 framework built for my bachelors thesis
  ☆56Updated last year
• 0xNinjaCyclone / AsmLdr
  Dynamic shellcode loader with sophisticated evasion capabilities
  ☆207Updated 3 weeks ago
• BlackShell256 / Null-AMSI
  Null-AMSI is an AMSI and ETW bypass that takes advantage of .NET types (.NET Reflection) to bypassing AV/EDR.
  ☆78Updated 4 months ago
• fanbyprinciple / bin2shellcode
  .bin file to shellcode convertor
  ☆38Updated last year
• zflemingg1 / AM0N-Eye
  ☆24Updated last year
• oh-az / NoArgs
  NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…
  ☆154Updated last year
• Maldev-Academy / AlphabeticalPolyShellGen
  Generate an Alphabetical Polymorphic Shellcode
  ☆130Updated 2 months ago
• almounah / go-buena-clr
  Good CLR Host with Native patchless AMSI Bypass
  ☆95Updated 6 months ago
• Aur3ns / LsassStealer
  Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and crypted NTP packets. For authorized testin…
  ☆118Updated 4 months ago
• matro7sh / matro7sh_loaders
  this script adds the ability to encode shellcode (.bin) in XOR,chacha20, AES. You can choose between 2 loaders (Myph / 221b)
  ☆83Updated last year
• inb1ts / CSSHide
  Encodes a payload within a generated mock-CSS file
  ☆59Updated 2 years ago
• synacktiv / CVE-2024-43468
  ☆92Updated 9 months ago
• CICADA8-Research / LogHunter
  Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)
  ☆75Updated last year
• S3N4T0R-0X0 / Checkmate
  payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter
  ☆107Updated last year
• S3cur3Th1sSh1t / My-starred-Repositories
  This is my starred repositories including the description for each tool. Makes search/filter over them easier.
  ☆54Updated 8 months ago
• MzHmO / DebugAmsi
  DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
  ☆98Updated 2 years ago
• moscowchill / LSTAR-EN
  LSTAR - CobaltStrike Translated to EN
  ☆22Updated 2 years ago
• DevBuiHieu / CVE-2025-33053-Proof-Of-Concept
  CVE-2025-33053 Proof Of Concept (PoC)
  ☆60Updated 4 months ago
• RWXstoned / GimmeShelter
  Situational Awareness script to identify how and where to run implants
  ☆67Updated 10 months ago
• 0xb11a1 / sliver_extension_uac_bypass_cmstp
  Sliver extension to bypass UAC via cmstp written in rust
  ☆31Updated last year
• Darkrain2009 / RedExt
  Chrome browser extension-based Command & Control
  ☆183Updated 3 months ago
• cisagov / snafflepy
  Snaffler reimplementation in Python - https://github.com/SnaffCon/Snaffler
  ☆112Updated 3 months ago
• nocerainfosec / TakeMyRDP2.0
  An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard in…
  ☆105Updated 2 years ago
• smokeme / ansible-havoc
  Scripts I use to deploy Havoc on Linode and setup categorization and SSL
  ☆42Updated last year