Alternatives and similar repositories for BHUSA-2023:

Users that are interested in BHUSA-2023 are comparing it to the libraries listed below

• synacktiv / DLHell
  Local & remote Windows DLL Proxying
  ☆162Updated 9 months ago
• BeetleChunks / Obligato
  This project is an implant framework designed for long term persistent access to Windows machines.
  ☆110Updated last year
• ghostpepper108 / Evasion
  ☆107Updated last year
• rad9800 / FileRenameJunctionsEDRDisable
  ☆149Updated 3 months ago
• sensepost / mydumbedr
  ☆114Updated last year
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆106Updated 6 months ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆96Updated 11 months ago
• 20urc3 / Aplos
  Aplos an extremely simple fuzzer for Windows binaries.
  ☆68Updated last month
• Z4kSec / IoctlHunter
  IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.
  ☆98Updated last year
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆221Updated 9 months ago
• Bw3ll / ROP_ROCKET
  ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…
  ☆115Updated 2 weeks ago
• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆308Updated last year
• Kudaes / Bin-Finder
  Detect EDR's exceptions by inspecting processes' loaded modules
  ☆130Updated last year
• fin3ss3g0d / NativeThreadpool
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆86Updated last year
• NVISOsecurity / codasm
  Payload encoding utility to effectively lower payload entropy.
  ☆113Updated 4 months ago
• PacktPublishing / Windows-APT-Warfare
  Windows APT Warfare, published by Packt
  ☆66Updated 2 years ago
• NtDallas / Svartalfheim
  Stage 0
  ☆154Updated 3 months ago
• oldboy21 / JayFinder
  Find DLLs with RWX section
  ☆78Updated last year
• naksyn / ProcessStomping
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆147Updated last year
• mansk1es / GhostFart
  ☆133Updated last year
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆169Updated 2 months ago
• oldkingcone / BYOSI
  Evade EDR's the simple way, by not touching any of the API's they hook.
  ☆89Updated last month
• xalicex / Killers
  Exploitation of process killer drivers
  ☆198Updated last year
• nop-tech / code_caver
  Python based WinDbg script to automate the search for code caves in binaries and libraries.
  ☆45Updated 2 months ago
• tijme / amd-ryzen-master-driver-v17-exploit
  Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).
  ☆138Updated 2 years ago
• Octoberfest7 / Secure_Stager
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆183Updated 3 months ago
• Wh04m1001 / SysmonEoP
  ☆182Updated 2 years ago
• xrombar / flower
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆92Updated 11 months ago