Kudaes/Unwinder external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Kudaes/Unwinder

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Kudaes/Unwinder)

Close

Kudaes / UnwinderView on GitHubMore

• External links
• Readme badge

Call stack spoofing for Rust

☆356Feb 7, 2025Updated last year

Alternatives and similar repositories for Unwinder

Users that are interested in Unwinder are comparing it to the libraries listed below

• Kudaes / DInvoke_rs

  View on GitHub
  Dynamically invoke arbitrary unmanaged code
  ☆359Feb 19, 2026Updated last week
• Kudaes / Shelter

  View on GitHub
  ROP-based sleep obfuscation to evade memory scanners
  ☆376Jun 22, 2025Updated 8 months ago
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆922Jul 20, 2024Updated last year
• memN0ps / venom-rs

  View on GitHub
  Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
  ☆360Mar 2, 2024Updated 2 years ago
• BlackSnufkin / NovaLdr

  View on GitHub
  Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
  ☆261Jun 29, 2024Updated last year
• joaoviictorti / rustclr

  View on GitHub
  Host CLR and run .NET binaries using Rust
  ☆151Dec 23, 2025Updated 2 months ago
• Kudaes / RustChain

  View on GitHub
  Hide memory artifacts using ROP and hardware breakpoints.
  ☆146Oct 20, 2023Updated 2 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆101Oct 7, 2023Updated 2 years ago
• janoglezcampos / rust_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆233Mar 23, 2023Updated 2 years ago
• WithSecureLabs / CallStackSpoofer

  View on GitHub
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆557Apr 8, 2025Updated 10 months ago
• Kudaes / Fiber

  View on GitHub
  Using fibers to run in-memory code.
  ☆242Oct 19, 2023Updated 2 years ago
• yamakadi / clroxide

  View on GitHub
  A rust library that allows you to host the CLR and execute dotnet binaries.
  ☆236Mar 12, 2025Updated 11 months ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆261Oct 16, 2024Updated last year
• Signal-Labs / iat_unhook_sample

  View on GitHub
  (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…
  ☆137Mar 3, 2025Updated last year
• joaoviictorti / uwd

  View on GitHub
  Call Stack Spoofing for Rust
  ☆210Jan 28, 2026Updated last month
• b1tg / cobaltstrike-beacon-rust

  View on GitHub
  CobaltStrike beacon in rust
  ☆208Aug 10, 2024Updated last year
• Kudaes / Eclipse

  View on GitHub
  Activation Context Hijack
  ☆170Aug 3, 2025Updated 7 months ago
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆434Dec 21, 2023Updated 2 years ago
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆232Feb 12, 2025Updated last year
• hakaioffsec / coffee

  View on GitHub
  A COFF loader made in Rust
  ☆328Aug 20, 2025Updated 6 months ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection

  View on GitHub
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆263Apr 29, 2023Updated 2 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,006Jun 4, 2024Updated last year
• kyleavery / pendulum

  View on GitHub
  Linux Sleep Obfuscation
  ☆112Jan 7, 2024Updated 2 years ago
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆309Feb 13, 2023Updated 3 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆277Jan 23, 2025Updated last year
• wumb0 / rust_bof

  View on GitHub
  Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.
  ☆282Feb 8, 2024Updated 2 years ago
• Kudaes / EPI

  View on GitHub
  Threadless Process Injection through entry point hijacking
  ☆350Sep 10, 2024Updated last year
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆535Aug 1, 2022Updated 3 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆505Aug 14, 2022Updated 3 years ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆622Sep 26, 2023Updated 2 years ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆253Jun 25, 2023Updated 2 years ago
• Nariod / RustPacker

  View on GitHub
  Template-based shellcode packer written in Rust, with indirect syscall support. Made with <3 for pentesters.
  ☆318Jun 24, 2025Updated 8 months ago
• codewhitesec / Lastenzug

  View on GitHub
  Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
  ☆235Oct 18, 2022Updated 3 years ago
• ElliotKillick / LdrLockLiberator

  View on GitHub
  For when DLLMain is the only way
  ☆424Oct 29, 2024Updated last year
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,295Mar 21, 2025Updated 11 months ago
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆212Dec 14, 2023Updated 2 years ago
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆675Dec 23, 2022Updated 3 years ago
• safedv / RustVEHSyscalls

  View on GitHub
  A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
  ☆164Oct 31, 2024Updated last year