Alternatives and similar repositories for MFTool

Users that are interested in MFTool are comparing it to the libraries listed below

• dis0rder0x00 / obex
  Obex – Blocking unwanted DLLs in user mode
  ☆262Updated last month
• 0xsch1zo / NullGate
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆159Updated 3 months ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆202Updated 9 months ago
• rad9800 / byor
  ☆158Updated 5 months ago
• safedv / RustSoliloquy
  A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and …
  ☆187Updated 6 months ago
• RedSiege / Jigsaw
  Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
  ☆201Updated 7 months ago
• Cracked5pider / earlycascade-injection
  early cascade injection PoC based on Outflanks blog post
  ☆232Updated last year
• 0xsp-SRD / MDE_Enum
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆209Updated last year
• 0xNinjaCyclone / EarlyCascade
  A PoC for Early Cascade process injection technique.
  ☆200Updated 9 months ago
• Macmod / ldapx
  Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
  ☆170Updated 10 months ago
• NVISOsecurity / codasm
  Payload encoding utility to effectively lower payload entropy.
  ☆120Updated 7 months ago
• Maldev-Academy / TrapFlagForSyscalling
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆131Updated 2 months ago
• ZERODETECTION / MSC_Dropper
  ☆217Updated last year
• loosehose / SilentButDeadly
  SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connecti…
  ☆236Updated 2 weeks ago
• oldkingcone / BYOSI
  Evade EDR's the simple way, by not touching any of the API's they hook.
  ☆162Updated 9 months ago
• NtDallas / Svartalfheim
  Stage 0
  ☆164Updated 10 months ago
• synacktiv / GroupPolicyBackdoor
  Group Policy Objects manipulation and exploitation framework
  ☆269Updated last month
• boku7 / StringReaper
  Reaping treasures from strings in remote processes memory
  ☆275Updated 9 months ago
• Octoberfest7 / Secure_Stager
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆194Updated 11 months ago
• 3lp4tr0n / RemoteMonologue
  Weaponizing DCOM for NTLM Authentication Coercions
  ☆174Updated last week
• CCob / Shwmae
  ☆163Updated 9 months ago
• 0xNinjaCyclone / AsmLdr
  Dynamic shellcode loader with sophisticated evasion capabilities
  ☆253Updated last month
• Maldev-Academy / MaldevAcademyLdr.2
  RunPE implementation with multiple evasive techniques
  ☆238Updated last month
• fin3ss3g0d / StoneKeeper
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆207Updated 10 months ago
• ricardojoserf / NativeBypassCredGuard
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆260Updated 7 months ago
• scrt / PowerChell
  A PowerShell console in C/C++ with all the security features disabled
  ☆285Updated last month
• rtecCyberSec / BitlockMove
  Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
  ☆366Updated 4 months ago
• BlackSnufkin / NyxInvoke
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆227Updated 9 months ago
• andreisss / Ghosting-AMSI
  Ghosting-AMSI
  ☆220Updated 6 months ago
• Kudaes / Eclipse
  Activation Context Hijack
  ☆170Updated 3 months ago