Alternatives and similar repositories for RubyRedOps

Users that are interested in RubyRedOps are comparing it to the libraries listed below

• EvilBytecode / Ebyte-AMSI-ProxyInjector
  A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…
  ☆41Updated 2 months ago
• EvilBytecode / Ntdll-Unhook
  Unhook Ntdll.dll, Go & C++.
  ☆25Updated 2 months ago
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆44Updated 2 months ago
• Faran-17 / Hellshazzard
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆75Updated 11 months ago
• ameenalkerdy / ETWShellcodeLoader
  Shellcode Loader Utilizing ETW Events
  ☆63Updated 4 months ago
• Chainski / GlobalAMSIBypass
  Performs a global AMSI bypass by patching amsi.dll in memory.
  ☆12Updated last month
• cbrnrd / maliketh
  🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
  ☆45Updated last year
• MythicAgents / Kharon
  C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…
  ☆70Updated this week
• itaymigdal / PartyLoader
  Threadless shellcode injection tool
  ☆66Updated 11 months ago
• Maldev-Academy / HookingLsassForCredentials
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆48Updated 2 months ago
• Teach2Breach / dll2shell
  converts sRDI compatible dlls to shellcode
  ☆29Updated 5 months ago
• tdeerenberg / InlineWhispers3
  Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
  ☆85Updated last week
• NUL0x4C / FetchPayloadFromDummyFile
  Construct the payload at runtime using an array of offsets
  ☆63Updated last year
• deh00ni / NtDumpBOF
  ☆96Updated 10 months ago
• zero2504 / Early-Cryo-Bird-Injections
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆99Updated 3 months ago
• EvilBytecode / Shellcode-Loader
  This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.
  ☆72Updated 2 months ago
• NUL0x4C / HookingLsassForCredentials
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆53Updated 2 months ago
• EvilBytecode / ThunderKitty-Ransomware
  Ransomware written in go, encrypt - decrypt.
  ☆25Updated 2 months ago
• brosck / L1LKiller
  「⚠️」Performing a BYOVD on the truesight.sys driver
  ☆38Updated 7 months ago
• pygrum / gimmick
  Section-based payload obfuscation technique for x64
  ☆61Updated 11 months ago
• nbaertsch / PoolProxy
  Proxy function calls through the thread pool with ease
  ☆28Updated 4 months ago
• Offensive-Panda / D3MPSEC
  "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…
  ☆24Updated 9 months ago
• voidvxvt / HellBunny
  Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
  ☆111Updated 6 months ago
• EvilBytecode / Nyx-Full-Dll-Unhook
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆35Updated last month
• EvilBytecode / Amsi-Patch-Updated-2025
  How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.
  ☆20Updated 2 months ago
• almounah / GoDroplets
  Go Shellcode Loader to be Integrated in Exploration C2
  ☆27Updated 5 months ago
• NtDallas / Ulfberht
  Shellcode loader
  ☆89Updated 7 months ago
• S12cybersecurity / NinjaInjector
  Classic Process Injection with Memory Evasion Techniques implemantation
  ☆70Updated last year
• Leo4j / PPLKiller
  Tool to bypass LSA Protection (aka Protected Process Light)
  ☆54Updated 6 months ago
• EvilBytecode / Evilbytecode-Shellcode-Go-Tactics
  A mutliple tactics to execute shellcode in go :}
  ☆20Updated 2 months ago