Alternatives and similar repositories for BHUSA-2023:

Users that are interested in BHUSA-2023 are comparing it to the libraries listed below

• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆103Updated 6 months ago
• synacktiv / DLHell
  Local & remote Windows DLL Proxying
  ☆161Updated 8 months ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆96Updated 10 months ago
• BeetleChunks / Obligato
  This project is an implant framework designed for long term persistent access to Windows machines.
  ☆111Updated last year
• mansk1es / GhostFart
  ☆134Updated last year
• xalicex / Killers
  Exploitation of process killer drivers
  ☆197Updated last year
• 20urc3 / Aplos
  Aplos an extremely simple fuzzer for Windows binaries.
  ☆68Updated 3 weeks ago
• ghostpepper108 / Evasion
  ☆107Updated last year
• Bw3ll / ROP_ROCKET
  ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…
  ☆115Updated this week
• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆308Updated last year
• Cracked5pider / CodeCave
  A bunch of scripts and code i wrote.
  ☆134Updated 4 months ago
• naksyn / ProcessStomping
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆147Updated last year
• Sh3lldon / RemoteApp
  I have created these custom servers for preparing EXP-301 course (aka WUMED) exam and hope it will help to take OSED certification. Feel …
  ☆45Updated last year
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆221Updated 9 months ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆175Updated last month
• gabriellandau / EDRSandblast-GodFault
  EDRSandblast-GodFault
  ☆250Updated last year
• xrombar / flower
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆92Updated 11 months ago
• JanielDary / ImmoralFiber
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆256Updated 5 months ago
• rad9800 / FileRenameJunctionsEDRDisable
  ☆148Updated 3 months ago
• Z4kSec / IoctlHunter
  IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.
  ☆98Updated last year
• pwnsauc3 / RWXfinder
  The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
  ☆99Updated last year
• Kudaes / rust_tips_and_tricks
  Rust For Windows Cheatsheet
  ☆115Updated 4 months ago
• nop-tech / code_caver
  Python based WinDbg script to automate the search for code caves in binaries and libraries.
  ☆44Updated 2 months ago
• Idov31 / Jormungandr
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆229Updated last year
• 0x4d5a-ctf / 38c3_com_talk
  Slides for COM Hijacking AV/EDR Talk on 38c3
  ☆72Updated 2 months ago
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆245Updated 10 months ago
• oldboy21 / JayFinder
  Find DLLs with RWX section
  ☆76Updated last year
• x42en / sysplant
  Your syscall factory
  ☆120Updated last week
• rasta-mouse / PPEnum
  Simple BOF to read the protection level of a process
  ☆114Updated last year