FatCyclone/D-Pwn external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

FatCyclone/D-Pwn

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/FatCyclone/D-Pwn)

Close

FatCyclone / D-PwnView on GitHubMore

• External links
• Readme badge

D/Invoke standalone shellcode runners

☆40Nov 23, 2023Updated 2 years ago

Alternatives and similar repositories for D-Pwn

Users that are interested in D-Pwn are comparing it to the libraries listed below

• superhac / OSEP

  View on GitHub
  ☆21Dec 1, 2021Updated 4 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• szymex73 / ADFSpoof

  View on GitHub
  ☆12Feb 7, 2023Updated 3 years ago
• dreamkinn / CompileCSDocker

  View on GitHub
  Compile SharpHound and others on Linux
  ☆24Aug 16, 2024Updated last year
• GetRektBoy724 / HalosUnhooker

  View on GitHub
  Halos Gate-based NTAPI Unhooker
  ☆52Apr 21, 2022Updated 3 years ago
• tothi / malicious-service

  View on GitHub
  Minimal Windows Service Template for demonstrating privilege escalation via weak service executable permissions
  ☆14Nov 13, 2022Updated 3 years ago
• TomOS3 / UserModeUnhooking

  View on GitHub
  This project is created for research into antivirus evasion by unhooking.
  ☆18Sep 2, 2021Updated 4 years ago
• CryptoBreach / UnhookPoC

  View on GitHub
  A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.
  ☆10Dec 16, 2021Updated 4 years ago
• dmcxblue / NtCreateUserProcessBOF

  View on GitHub
  An Aggressor Script that utilizes NtCreateUserProcess to run binaries
  ☆31Jan 30, 2025Updated last year
• Wra7h / ARCInject

  View on GitHub
  Overwrite a process's recovery callback and execute with WER
  ☆101Apr 17, 2022Updated 3 years ago
• dim0x69 / dns-exe-persistance

  View on GitHub
  ☆46May 9, 2017Updated 8 years ago
• securifybv / BOFRyptor

  View on GitHub
  ☆123Oct 9, 2023Updated 2 years ago
• Wra7h / SharpGhosting

  View on GitHub
  Process Ghosting in C#
  ☆219Jan 24, 2022Updated 4 years ago
• rtecCyberSec / RAITrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying
  ☆170Jul 22, 2025Updated 8 months ago
• OmriBaso / WTSImpersonator

  View on GitHub
  WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"
  ☆122Jul 2, 2024Updated last year
• passthehashbrowns / Being-A-Good-CLR-Host

  View on GitHub
  ☆87Jan 21, 2025Updated last year
• pard0p / CallstackSpoofingPOC

  View on GitHub
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆426Feb 11, 2024Updated 2 years ago
• GetRektBoy724 / SyscallShuffler

  View on GitHub
  Your NTDLL vaccine from modern direct syscall methods.
  ☆36Apr 5, 2022Updated 3 years ago
• Octoberfest7 / OSEP-Tools

  View on GitHub
  ☆300Mar 31, 2022Updated 3 years ago
• sudonoodle / Aggressor-NTFY

  View on GitHub
  Cobalt Strike notifications via NTFY.
  ☆15Sep 24, 2024Updated last year
• 3xploit666 / AmsiResurrect

  View on GitHub
  ☆12Mar 8, 2026Updated 2 weeks ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• cogiceo / AAN

  View on GitHub
  Access All Networks: an offensive multitool against 802.1X
  ☆20Aug 25, 2025Updated 6 months ago
• Accenture / Codecepticon

  View on GitHub
  .NET/PowerShell/VBA Offensive Security Obfuscator
  ☆520Feb 1, 2024Updated 2 years ago
• LloydLabs / shellcode-plain-sight

  View on GitHub
  Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
  ☆211Nov 12, 2025Updated 4 months ago
• OtterHacker / SetProcessInjection

  View on GitHub
  ☆153Oct 2, 2023Updated 2 years ago
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 2 years ago
• OtterHacker / ShareFouine

  View on GitHub
  ☆53Oct 29, 2024Updated last year
• rad9800 / FileRenameJunctionsEDRDisable

  View on GitHub
  ☆159Dec 13, 2024Updated last year
• jfmaes / DeepSleep

  View on GitHub
  all credits go to @mgeeky
  ☆65Oct 14, 2021Updated 4 years ago
• EspressoCake / ReadRemoteProcessCommandline_BOF

  View on GitHub
  ☆29May 10, 2024Updated last year
• Meowmycks / etwunhook

  View on GitHub
  Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.
  ☆54Feb 29, 2024Updated 2 years ago
• RedSiege / jargon

  View on GitHub
  ☆155Mar 5, 2026Updated 2 weeks ago
• thefLink / RecycledGate

  View on GitHub
  Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
  ☆500Feb 3, 2022Updated 4 years ago
• MzHmO / DebugAmsi

  View on GitHub
  DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
  ☆102Sep 18, 2023Updated 2 years ago
• draktuls / IAF-EAF-Shellcode-bypass-PoC

  View on GitHub
  Shellcode capable of bypassing EAF / IAF mitigations
  ☆28Apr 11, 2023Updated 2 years ago
• plackyhacker / SandboxDefender

  View on GitHub
  C# code to Sandbox Defender (and most probably other AV/EDRs).
  ☆167Apr 22, 2022Updated 3 years ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• gatariee / ldrgen

  View on GitHub
  Template-based generation of shellcode loaders
  ☆80Apr 20, 2024Updated last year