Alternatives and similar repositories for Exorcism

Users that are interested in Exorcism are comparing it to the libraries listed below

• AdvDebug / BehavEye
  Advanced dynamic malware analysis tool.
  ☆82Updated last year
• symeonp / Lenovo-CVE-2025-8061
  PoC for popping a system shell against the LnvMSRIO.sys driver
  ☆115Updated 2 months ago
• EvilBytecode / TaskMgr-Troll
  Troll TaskManager, and play with it .
  ☆28Updated 4 months ago
• moom825 / XenoStealer
  ☆49Updated last year
• fcccode / Vx-Engines
  Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware
  ☆30Updated 6 years ago
• EvilBytecode / Evilbytecode-Gate
  Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…
  ☆24Updated 7 months ago
• EvilBytecode / ThunderKitty-Ransomware
  Ransomware written in go, encrypt - decrypt.
  ☆30Updated 7 months ago
• itaymigdal / PichichiH0ll0wer
  Nim process hollowing loader
  ☆60Updated 4 months ago
• micREsoft / SysCaller
  SysCaller: SDK for WindowsAPI via syscalls. Dynamic Resolution, Obfuscation, Multi-Language Bindings, & more!
  ☆50Updated 3 weeks ago
• knight0x07 / BumbleCrypt
  A Bumblebee-inspired Crypter
  ☆78Updated 3 years ago
• C5Hackr / PEB-Redirection
  ☆12Updated last year
• ZeroMemoryEx / URootkit
  simple user-mode Rootkit
  ☆107Updated 3 years ago
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆54Updated 7 months ago
• Dump-GUY / sc2pe
  Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
  ☆66Updated 2 years ago
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆50Updated last year
• EvilBytecode / Ebyte-Syscalls
  Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa…
  ☆104Updated last month
• woldann / NThread
  Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook…
  ☆58Updated 2 months ago
• Cracked5pider / unguard-eat
  havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets
  ☆41Updated last year
• AlSch092 / HideStaticReferences
  Research into removing strings & API call references at compile-time (Anti-Analysis)
  ☆28Updated last year
• NUL0x4C / GP
  using the gpu to hide your payload
  ☆63Updated 3 years ago
• Offensive-Panda / PEB_WALK_AND_API_OBFUSCATION_INJECTION
  This exploit use PEB walk technique to resolve API calls dynamically, obfuscate all API calls to perform process injection.
  ☆23Updated last year
• 0xPrimo / KMDllInjector
  kernel-mode DLL Injector
  ☆119Updated 7 months ago
• r0keb / TrashFormer
  A 64 bit executable junk code engine for polymorphic malware.
  ☆73Updated 5 months ago
• EvilBytecode / Ntdll-Unhook
  Unhook Ntdll.dll, Go & C++.
  ☆32Updated 7 months ago
• jdu2600 / Get-InjectedThreadEx
  Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
  ☆46Updated 2 years ago
• zero2504 / Shadow-Rebirth
  Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique
  ☆13Updated last year
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆165Updated last year
• CarlosG13 / Process-Hypnosis-Debugger-assisted-control-flow-hijack
  ☆39Updated last year
• C5Hackr / Segment-Encryption
  ☆26Updated last year
• Dor00tkit / BamExtensionTableHook
  Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…
  ☆91Updated 5 months ago