Alternatives and similar repositories for merlin

Users that are interested in merlin are comparing it to the libraries listed below

• SaadAhla / AMSI_patch
  Patching AmsiOpenSession by forcing an error branching
  ☆145Updated last year
• Tylous / Freeze
  Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
  ☆114Updated 2 years ago
• BeetleChunks / Obligato
  This project is an implant framework designed for long term persistent access to Windows machines.
  ☆110Updated last year
• MythicAgents / Athena
  ☆199Updated last month
• xpn / RandomTSScripts
  Collection of random RedTeam scripts.
  ☆205Updated last year
• oh-az / NoArgs
  NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…
  ☆152Updated last year
• Enelg52 / KittyStager
  KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this p…
  ☆221Updated last year
• SaadAhla / GithubC2
  Github as C2 Demonstration , free API = free C2 Infrastructure
  ☆140Updated last year
• cybersectroll / TrollAMSI
  ☆176Updated this week
• HavocFramework / Talon
  (Demo) 3rd party agent for Havoc
  ☆139Updated last year
• Peco602 / cobaltstrike-aggressor-scripts
  A collection of Cobalt Strike Aggressor scripts.
  ☆96Updated 3 years ago
• Ghost53574 / havoc_profile_generator
  Havoc C2 profile generator
  ☆89Updated 7 months ago
• nettitude / Aladdin
  ☆221Updated last year
• 3NailsInfoSec / DCVC2
  A Golang Discord C2 unlike any other. DCVC2 uses RTP packets over a voice channel to transmit all data leaving no operational traces in t…
  ☆129Updated 6 months ago
• almandin / krbjack
  A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.
  ☆126Updated 4 months ago
• VirtualAlllocEx / Payload-Download-Cradles
  This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR …
  ☆257Updated 2 years ago
• 0xsp-SRD / MDE_Enum
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆200Updated 11 months ago
• ZERODETECTION / MSC_Dropper
  ☆164Updated 10 months ago
• HavocFramework / Modules
  Modules used by the Havoc Framework
  ☆238Updated 11 months ago
• trevorsaudi / Mshikaki
  A shellcode injection tool showcasing various process injection techniques
  ☆136Updated last year
• OccamsXor / Dragnmove
  Infect Shared Files In Memory for Lateral Movement
  ☆195Updated 2 years ago
• TunnelGRE / Percino
  Evasive Golang Loader
  ☆131Updated 10 months ago
• som3canadian / Cloudflare-Redirector
  Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.
  ☆165Updated 2 months ago
• HuskyHacks / SharpTokenFinder
  C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
  ☆139Updated 10 months ago
• WKL-Sec / GregsBestFriend
  GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
  ☆190Updated last year
• mandiant / msi-search
  ☆277Updated last year
• smokeme / airstrike
  ☆166Updated 10 months ago
• NUL0x4C / NoRunPI
  Run Your Payload Without Running Your Payload
  ☆182Updated 2 years ago
• brosck / Reaper
  「💀」Proof of concept on BYOVD attack
  ☆159Updated 5 months ago
• MzHmO / NtlmThief
  Extracting NetNTLM without touching lsass.exe
  ☆235Updated last year