Alternatives and similar repositories for Jormungandr

Users that are interested in Jormungandr are comparing it to the libraries listed below

• trustedsec / CS_COFFLoader

  View on GitHub
  ☆131Dec 4, 2023Updated 2 years ago
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Jan 11, 2026Updated last month
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆294Dec 3, 2023Updated 2 years ago
• Cracked5pider / LdrLibraryEx

  View on GitHub
  A small x64 library to load dll's into memory.
  ☆455Nov 6, 2023Updated 2 years ago
• S3cur3Th1sSh1t / Ruy-Lopez

  View on GitHub
  ☆319Jun 28, 2023Updated 2 years ago
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆603Apr 19, 2023Updated 2 years ago
• ElliotKillick / LdrLockLiberator

  View on GitHub
  For when DLLMain is the only way
  ☆423Oct 29, 2024Updated last year
• Octoberfest7 / MemFiles

  View on GitHub
  A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
  ☆474Jul 6, 2024Updated last year
• florylsk / RecycledInjector

  View on GitHub
  Native Syscalls Shellcode Injector
  ☆267Jul 2, 2023Updated 2 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆274Jan 23, 2025Updated last year
• CognisysGroup / SweetDreams

  View on GitHub
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆225Jul 25, 2023Updated 2 years ago
• Kudaes / EPI

  View on GitHub
  Threadless Process Injection through entry point hijacking
  ☆351Sep 10, 2024Updated last year
• eversinc33 / Banshee

  View on GitHub
  Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
  ☆587Aug 2, 2025Updated 6 months ago
• XaFF-XaFF / Kernel-Process-Hollowing

  View on GitHub
  Windows x64 kernel mode rootkit process hollowing POC.
  ☆189Jun 30, 2023Updated 2 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• rasta-mouse / PPEnum

  View on GitHub
  Simple BOF to read the protection level of a process
  ☆118May 10, 2023Updated 2 years ago
• 0xTriboulet / Revenant

  View on GitHub
  Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
  ☆389Jul 30, 2024Updated last year
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆901Jul 20, 2024Updated last year
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆675Dec 23, 2022Updated 3 years ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆253Jun 25, 2023Updated 2 years ago
• ewby / Mockingjay_BOF

  View on GitHub
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆158Nov 7, 2023Updated 2 years ago
• x0reaxeax / PageSplit

  View on GitHub
  Splitting and executing shellcode across multiple pages
  ☆103Jun 8, 2023Updated 2 years ago
• iilegacyyii / ThreadlessInject-BOF

  View on GitHub
  BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
  ☆394Jan 9, 2024Updated 2 years ago
• namazso / MagicSigner

  View on GitHub
  Signtool for expired certificates
  ☆515Jun 10, 2023Updated 2 years ago
• WKL-Sec / dcomhijack

  View on GitHub
  Lateral Movement Using DCOM and DLL Hijacking
  ☆326Jun 18, 2023Updated 2 years ago
• mansk1es / GhostFart

  View on GitHub
  ☆137Jun 21, 2023Updated 2 years ago
• XaFF-XaFF / Black-Angel-Rootkit

  View on GitHub
  Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
  ☆671Nov 9, 2023Updated 2 years ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• Idov31 / Venom

  View on GitHub
  Venom is a library that meant to perform evasive communication using stolen browser socket
  ☆396Sep 26, 2023Updated 2 years ago
• Kudaes / Unwinder

  View on GitHub
  Call stack spoofing for Rust
  ☆356Feb 7, 2025Updated last year
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆718Jul 19, 2023Updated 2 years ago
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,199Oct 16, 2023Updated 2 years ago
• hakaioffsec / coffee

  View on GitHub
  A COFF loader made in Rust
  ☆327Aug 20, 2025Updated 5 months ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆620Sep 26, 2023Updated 2 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆321Jul 2, 2023Updated 2 years ago
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆609Jan 2, 2025Updated last year
• daem0nc0re / VectorKernel

  View on GitHub
  PoCs for Kernelmode rootkit techniques research.
  ☆429Nov 4, 2025Updated 3 months ago
• Kudaes / Shelter

  View on GitHub
  ROP-based sleep obfuscation to evade memory scanners
  ☆375Jun 22, 2025Updated 7 months ago