Alternatives and similar repositories for Exorcism

Users that are interested in Exorcism are comparing it to the libraries listed below

• moom825 / XenoStealer
  ☆52Updated last year
• symeonp / Lenovo-CVE-2025-8061
  PoC for popping a system shell against the LnvMSRIO.sys driver
  ☆117Updated 3 months ago
• AdvDebug / BehavEye
  Advanced dynamic malware analysis tool.
  ☆82Updated 2 years ago
• EvilBytecode / TaskMgr-Troll
  Troll TaskManager, and play with it .
  ☆30Updated 5 months ago
• ZeroMemoryEx / URootkit
  simple user-mode Rootkit
  ☆108Updated 3 years ago
• cod3nym / Deobfuscar
  A simple commandline application to automatically decrypt strings from Obfuscator protected binaries
  ☆47Updated last year
• micREsoft / SysCaller
  SysCaller: SDK for WindowsAPI via syscalls. Dynamic Resolution, Obfuscation, Multi-Language Bindings, & more!
  ☆51Updated 2 months ago
• C5Hackr / Eclipse
  A unique introduction to native runtime obfuscation.
  ☆74Updated 11 months ago
• 0xPrimo / KMDllInjector
  kernel-mode DLL Injector
  ☆125Updated 9 months ago
• C5Hackr / PEB-Redirection
  ☆12Updated last year
• dr4k0nia / Greenline
  Unpacker and Config Extractor for managed Redline Stealer payloads
  ☆41Updated 2 years ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆166Updated last year
• fcccode / Vx-Engines
  Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware
  ☆30Updated 6 years ago
• hwbp / LazyHook
  Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.
  ☆129Updated last month
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆81Updated 7 months ago
• r0keb / TrashFormer
  A 64 bit executable junk code engine for polymorphic malware.
  ☆75Updated 7 months ago
• CarlosG13 / Process-Hypnosis-Debugger-assisted-control-flow-hijack
  ☆42Updated last year
• itaymigdal / PichichiH0ll0wer
  Nim process hollowing loader
  ☆62Updated 6 months ago
• woldann / NThread
  Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook…
  ☆59Updated 3 months ago
• knight0x07 / BumbleCrypt
  A Bumblebee-inspired Crypter
  ☆79Updated 3 years ago
• EvilBytecode / Evilbytecode-Gate
  Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…
  ☆26Updated 9 months ago
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆54Updated 8 months ago
• EvilBytecode / Ebyte-Syscalls
  Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa…
  ☆111Updated 3 months ago
• EvilBytecode / ThunderKitty-Ransomware
  Ransomware written in go, encrypt - decrypt.
  ☆29Updated 9 months ago
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆50Updated last year
• EvilBytecode / Ntdll-Unhook
  Unhook Ntdll.dll, Go & C++.
  ☆32Updated 9 months ago
• KingKDot / PowerCrypt
  The best powershell obfuscator ever made
  ☆119Updated 6 months ago
• C5Hackr / Segment-Encryption
  ☆28Updated last year
• hellofromdaniel / nyxppl
  Windows Protected Process Light toggle tool — dynamically finds offsets and patches EPROCESS using RTCore64
  ☆64Updated 9 months ago
• idkhidden / winapipatcher
  WinApi Patcher is a straightforward tool leveraging windows API hooking to patch and modify certain behaviors in a targeted environment.
  ☆43Updated last year