Alternatives and similar repositories for BHUSA-2023

Users that are interested in BHUSA-2023 are comparing it to the libraries listed below

• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆311Updated last year
• ghostpepper108 / Evasion
  ☆107Updated 2 years ago
• BeetleChunks / Obligato
  This project is an implant framework designed for long term persistent access to Windows machines.
  ☆110Updated last year
• Bw3ll / ROP_ROCKET
  ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…
  ☆117Updated last month
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆98Updated last year
• synacktiv / DLHell
  Local & remote Windows DLL Proxying
  ☆164Updated 11 months ago
• Z4kSec / IoctlHunter
  IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.
  ☆101Updated last year
• RedTeamOperations / Journey-to-McAfee
  ☆113Updated 3 years ago
• mansk1es / GhostFart
  ☆136Updated last year
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆110Updated 8 months ago
• 20urc3 / Aplos
  Aplos an extremely simple fuzzer for Windows binaries.
  ☆69Updated 3 months ago
• sensepost / mydumbedr
  ☆119Updated last year
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆141Updated 10 months ago
• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆116Updated 10 months ago
• JanielDary / ImmoralFiber
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆264Updated 8 months ago
• gabriellandau / EDRSandblast-GodFault
  EDRSandblast-GodFault
  ☆265Updated last year
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆228Updated 11 months ago
• nop-tech / code_caver
  Python based WinDbg script to automate the search for code caves in binaries and libraries.
  ☆49Updated 4 months ago
• nettitude / Tartarus-TpAllocInject
  ☆184Updated last year
• xalicex / Killers
  Exploitation of process killer drivers
  ☆201Updated last year
• rtecCyberSec / Packer_Development
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆260Updated 11 months ago
• CICADA8-Research / COMThanasia
  A set of programs for analyzing common vulnerabilities in COM
  ☆215Updated 8 months ago
• daddycocoaman / dumpscan
  Finding secrets in kernel and user memory
  ☆116Updated last year
• pwnsauc3 / RWXfinder
  The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
  ☆103Updated last year
• Kudaes / Split
  Apply a divide and conquer approach to bypass EDRs
  ☆280Updated last year
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆198Updated 4 months ago
• oldboy21 / JayFinder
  Find DLLs with RWX section
  ☆81Updated last year
• Cracked5pider / CodeCave
  A bunch of scripts and code i wrote.
  ☆141Updated 6 months ago
• Wh04m1001 / SysmonEoP
  ☆183Updated 2 years ago
• 0x4d5a-ctf / 38c3_com_talk
  Slides for COM Hijacking AV/EDR Talk on 38c3
  ☆74Updated 5 months ago