EvilBytecode/ExitPatcher external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

EvilBytecode/ExitPatcher

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/EvilBytecode/ExitPatcher)

Close

EvilBytecode / ExitPatcherView on GitHubMore

• External links
• Readme badge

Prevent in-process process termination by patching exit APIs

☆63Nov 9, 2025Updated 3 months ago

Alternatives and similar repositories for ExitPatcher

Users that are interested in ExitPatcher are comparing it to the libraries listed below

• AlmondOffSec / LibTPLoadLib

  View on GitHub
  Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…
  ☆75Nov 6, 2025Updated 3 months ago
• lsecqt / SessionView

  View on GitHub
  A portable C# utility for enumerating local and remote windows sessions
  ☆55Jan 1, 2026Updated last month
• bot984397 / eepy

  View on GitHub
  ☆38Apr 15, 2025Updated 10 months ago
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆60Jan 5, 2026Updated last month
• 0xflux / Vectored-Exception-Handling-Squared

  View on GitHub
  Vectored Exception Handling Squared
  ☆29Dec 27, 2025Updated 2 months ago
• EvilBytecode / PhantomDelay

  View on GitHub
  PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …
  ☆19May 8, 2025Updated 9 months ago
• garrettfoster13 / CVE-2025-59501

  View on GitHub
  CVE-2025-59501 POC code
  ☆25Nov 20, 2025Updated 3 months ago
• kas-sec / version.dll-sideloading

  View on GitHub
  sideloading PoC using onedrive.exe & version.dll
  ☆91Oct 30, 2025Updated 3 months ago
• wesmar / kvc

  View on GitHub
  KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulatio…
  ☆164Jan 26, 2026Updated last month
• jakobfriedl / conquest

  View on GitHub
  Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.
  ☆258Updated this week
• Teach2Breach / rust_api_demo

  View on GitHub
  various methods of making API calls
  ☆19Feb 1, 2025Updated last year
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• Slowerzs / KeyJumper

  View on GitHub
  ☆53Mar 26, 2025Updated 11 months ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• C5Hackr / Eclipse

  View on GitHub
  A unique introduction to native runtime obfuscation.
  ☆75Mar 2, 2025Updated 11 months ago
• outflanknl / regcertipy

  View on GitHub
  Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does
  ☆95Jul 3, 2025Updated 7 months ago
• kozmer / sigdream

  View on GitHub
  sigreturn-oriented programming (SROP) based sleep obfuscation poc for Linux
  ☆66Dec 15, 2025Updated 2 months ago
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated last year
• hunters-sec / CVE-2025-55188-7z-exploit

  View on GitHub
  7z exploit POC versions prior to 25.01
  ☆33Aug 11, 2025Updated 6 months ago
• pruno7 / nEkko

  View on GitHub
  A nim port of C5pider's Ekko project.
  ☆17Oct 1, 2022Updated 3 years ago
• joaoviictorti / rustbof

  View on GitHub
  A Rust template for writing Beacon Object Files (BOFs)
  ☆97Feb 11, 2026Updated 2 weeks ago
• andreisss / Living-off-the-COM-Type-Coercion-Abuse

  View on GitHub
  This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…
  ☆52May 16, 2025Updated 9 months ago
• whokilleddb / funcshenanigans

  View on GitHub
  A bunch of shenanigans using functions, VEH and more
  ☆37Jun 8, 2025Updated 8 months ago
• asaurusrex / Silent_Chrome

  View on GitHub
  This code silently installs Chrome extensions on Mac, Windows, and Linux
  ☆128Jul 22, 2025Updated 7 months ago
• mwnickerson / COMHijackBOF

  View on GitHub
  ☆39Nov 25, 2025Updated 3 months ago
• cybersectroll / TrollDisappearKey

  View on GitHub
  ☆52Jul 8, 2025Updated 7 months ago
• MpCmdRun / uac-bypass

  View on GitHub
  ATL.dll and WmiMgmt.msc UAC Bypass
  ☆12Apr 26, 2025Updated 10 months ago
• pard0p / Remote-BOF-Runner

  View on GitHub
  Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …
  ☆89Jan 2, 2026Updated last month
• CICADA8-Research / RpcMotion

  View on GitHub
  Execute commands, in/exfiltrate files using your custom RPC Server
  ☆65Jan 13, 2026Updated last month
• EvilBytecode / Ebyte-AMSI-ProxyInjector

  View on GitHub
  A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…
  ☆62May 16, 2025Updated 9 months ago
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆185Jan 17, 2026Updated last month
• SlimeOnSecurity / PrintSpoofer-BOF

  View on GitHub
  ☆50May 4, 2025Updated 9 months ago
• edwig / HTTPSYS

  View on GitHub
  User-mode implementation of HTTP.SYS. Implements HTTP 1.1 of the "HTTP Server API 2.0" for web servers
  ☆44Feb 17, 2025Updated last year
• Octoberfest7 / ThreadCPUAssignment_POC

  View on GitHub
  A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread
  ☆30Sep 24, 2025Updated 5 months ago
• aeilot / stay-away-from-my-screen

  View on GitHub
  The instant digital "Do Not Touch" sign for your Mac. Stop fingerprints and protect your expensive display with one keystroke.
  ☆29Jan 13, 2026Updated last month
• magisterquis / sneaky_remap

  View on GitHub
  A C and Go /proc/pid/maps cloak of invisibilty for shared object files
  ☆21Nov 19, 2025Updated 3 months ago
• unkbyte / measured_boot_poc

  View on GitHub
  Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications
  ☆22Mar 28, 2025Updated 10 months ago
• onlytoxi / CVE-2025-8088-Winrar-Tool

  View on GitHub
  Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088
  ☆54Aug 18, 2025Updated 6 months ago
• synacktiv / windows_kernel_shadow_stack

  View on GitHub
  Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation.
  ☆54Jun 2, 2025Updated 8 months ago