Alternatives and similar repositories for ADPT

Users that are interested in ADPT are comparing it to the libraries listed below

• safedv / RustVEHSyscalls
  A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
  ☆151Updated 7 months ago
• Kudaes / rust_tips_and_tricks
  Rust For Windows Cheatsheet
  ☆120Updated 7 months ago
• JanielDary / ImmoralFiber
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆265Updated 9 months ago
• Friends-Security / RedirectThread
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆170Updated last week
• safedv / Rustic64
  64-bit, position-independent implant template for Windows in Rust.
  ☆137Updated last month
• 0xTriboulet / rdll-rs
  A reflective DLL development template for the Rust programming language
  ☆97Updated last month
• xalicex / Killers
  Exploitation of process killer drivers
  ☆201Updated last year
• NetSPI / BOF-PE
  An example reference design for a proposed BOF PE
  ☆175Updated 2 months ago
• rad9800 / FileRenameJunctionsEDRDisable
  ☆155Updated 6 months ago
• djackreuter / rustlualoader
  Shellcode loader that executes embedded Lua from Rust.
  ☆114Updated 6 months ago
• BlackSnufkin / NyxInvoke
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆218Updated 4 months ago
• xrombar / flower
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆93Updated last year
• Slowerzs / PPLSystem
  ☆190Updated last year
• joaoviictorti / coffeeldr
  A COFF Loader written in Rust
  ☆102Updated this week
• akamai / Mirage
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆82Updated 4 months ago
• boku7 / patchwerk
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆184Updated 4 months ago
• NtDallas / Draugr
  BOF with Synthetic Stackframe
  ☆150Updated 4 months ago
• ipSlav / DirtyCLR
  An App Domain Manager Injection DLL PoC on steroids
  ☆173Updated last year
• vxCrypt0r / AMSI_VEH
  A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
  ☆161Updated last year
• securifybv / BOFRyptor
  ☆125Updated last year
• BlackSnufkin / Rusty-Playground
  Some Rust program I wrote while learning Malware Development
  ☆133Updated 4 months ago
• WKL-Sec / LayeredSyscall
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆261Updated 10 months ago
• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆177Updated 3 months ago
• c2pain / RustBird
  Early Bird APC Injection in Rust
  ☆58Updated 8 months ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆155Updated 6 months ago
• joaoviictorti / rustclr
  Host CLR and run .NET binaries using Rust
  ☆109Updated this week
• nettitude / Tartarus-TpAllocInject
  ☆188Updated last year
• NtDallas / KrakenMask
  Sleep obfuscation
  ☆228Updated 6 months ago
• MzHmO / SymProcAddress
  Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
  ☆142Updated last year
• xforcered / Being-A-Good-CLR-Host
  ☆110Updated 5 months ago