Alternatives and similar repositories for PPLKiller:

Users that are interested in PPLKiller are comparing it to the libraries listed below

• jojonas / SharpSAMDump
  SAM Dumping in C#
  ☆36Updated 6 months ago
• dis0rder0x00 / ParentProcessManipulation-LNK
  Using LNK files and user input simulation to start processes under explorer.exe
  ☆24Updated 2 months ago
• REDMED-X / InjectKit
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆90Updated 10 months ago
• decoder-it / DFSCoerce-exe-2
  DFSCoerce exe revisited version with custom authentication
  ☆38Updated 11 months ago
• c3r3br4t3 / ShadowRDP
  ☆62Updated 10 months ago
• safedv / GPOAnalyzer
  GPOAnalyzer is a tool designed to assist in parsing domain Group Policy Object (GPO) files located in the SYSVOL directory.
  ☆21Updated 6 months ago
• parzel / GoSleepyCrypt
  In-memory sleep encryption and heap encryption for Go applications through a shellcode function.
  ☆39Updated 11 months ago
• ZephrFish / DynamicMSBuilder
  A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
  ☆31Updated 8 months ago
• MaorSabag / interactive-execute-shellcode
  A simple PoC of injection shellcode into a remote process and get the output using namepipe
  ☆37Updated 11 months ago
• snovvcrash / BOFs
  Beacon Object Files (not Buffer Overflows)
  ☆52Updated last year
• Cerbersec / pyMetaTwin
  Copy metadata and digital signatures information from one Windows executable to another using Wine on a non-Windows platform
  ☆16Updated 8 months ago
• wolfcod / lsassdump
  lsassdump via RtlCreateProcessReflection and NanoDump
  ☆74Updated 2 months ago
• EspressoCake / DefenderPathExclusions
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆30Updated last year
• Teach2Breach / snapinject_rs
  based on https://gitlab.com/ORCA000/snaploader
  ☆36Updated 2 weeks ago
• vysecurity / msmailprobe2
  Office 365 and Exchange Enumeration Version 2
  ☆18Updated 10 months ago
• deh00ni / NtDumpBOF
  ☆90Updated 3 months ago
• Leo4j / KeyCredentialLink
  Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute
  ☆19Updated 6 months ago
• rasta-mouse / KerbApp
  ☆28Updated 6 months ago
• Wh04m1001 / PICDumper
  ☆24Updated 2 years ago
• ScriptIdiot / sleepmask_PatchlessHook
  Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
  ☆80Updated last year
• jfjallid / go-lsass
  Tool to aid in dumping LSASS process remotely
  ☆27Updated 4 months ago
• Yair-Men / Passenger
  ProcExp Driver (Ab)use
  ☆20Updated last year
• EspressoCake / BOF_NativeAPI_Definitions-VSCode
  A VSCode plugin to assist with BOF development.
  ☆30Updated 4 months ago
• cybersectroll / TrollDump
  ☆80Updated 6 months ago
• realstatus / CVE-2024-40711-Exp
  CVE-2024-40711-exp
  ☆35Updated 2 months ago
• CodeXTF2 / evasion-adventures-files
  Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
  ☆24Updated last year
• NVISOsecurity / cs2br-bof
  ☆60Updated 4 months ago
• Patrick0x41 / BOF_All_Things
  Beacon Object Files (BOF) for Cobalt Strike.
  ☆28Updated 3 months ago