Alternatives and similar repositories for sim-ba:

Users that are interested in sim-ba are comparing it to the libraries listed below

• JohnWoodman / stealthInjector
  Injects shellcode into remote processes using direct syscalls
  ☆77Updated 4 years ago
• slyd0g / SK8RAT
  C++ implant that interfaces with a SK8PARK server
  ☆49Updated 3 years ago
• ethereal-vx / Persistence
  Recreating and reviewing the Windows persistence methods
  ☆38Updated 3 years ago
• SolomonSklash / UnhookingPOC
  A small commented POC for removing API hooks placed by AV/EDR.
  ☆34Updated 4 years ago
• N4kedTurtle / LocalDllParse
  ☆55Updated 3 years ago
• sailay1996 / FileWrite2system
  File Write Weapon for Privilege Escalation To get SYSTEM
  ☆18Updated 4 years ago
• netbiosX / GhostLoader
  GhostLoader - AppDomainManager - Injection - 攻壳机动队
  ☆52Updated 4 years ago
• mobdk / Upsilon
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆93Updated 3 years ago
• slyd0g / SK8PARK
  Python 3 server used to control SK8RAT implant
  ☆36Updated 4 years ago
• crummie5 / Freshycalls_PoC
  A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯
  ☆40Updated 4 years ago
• thesnoom / extps-cobalt-strike-bof
  Extended Process List (Search functionality)
  ☆29Updated 4 years ago
• GeorgePatsias / PayloadFactory
  C# implementation of Shellcode delivery techniques using PInvoke and DInvoke variations for API calling.
  ☆35Updated 3 years ago
• TheWover / donut-demos
  Demos of Donut used in conferences, etc. Mostly for my use, but free for others to use as a reference.
  ☆31Updated 5 years ago
• Allevon412 / BreadBear
  A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/
  ☆31Updated last year
• mobdk / Sigma
  Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx
  ☆14Updated 3 years ago
• ihack4falafel / Dell-Driver-EoP-CVE-2021-21551
  Dell Driver EoP (CVE-2021-21551)
  ☆32Updated 3 years ago
• jfmaes / DeepSleep
  all credits go to @mgeeky
  ☆64Updated 3 years ago
• dtrizna / DInvoke_PoC
  Hardened Proof of Concept of D/Invoke Process Injection malware
  ☆40Updated 4 years ago
• daem0nc0re / HEVD-CSharpKernelPwn
  CSharp Writeups for HackSys Extreme Vulnerable Driver
  ☆43Updated 3 years ago
• passthehashbrowns / suspendedunhook
  ☆39Updated 3 years ago
• leoloobeek / COMRunner
  A simple COM server which provides a component to run shellcode
  ☆133Updated 4 years ago
• KINGSABRI / DotNetToJScriptMini
  A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory.
  ☆47Updated 4 years ago
• waldo-irc / JYang
  ☆14Updated 2 years ago
• fashionproof / RunHijackHunter
  ☆16Updated 3 years ago
• panagioto / SyscallHide
  Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.
  ☆74Updated 5 years ago
• fashionproof / CheckSafeBoot
  I used this to see if an EDR is running in Safe Mode
  ☆36Updated 4 years ago
• praetorian-inc / Matryoshka
  Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.
  ☆40Updated 3 years ago
• thiagomayllart / Covenant_Alternate
  Covenant is a collaborative .NET C2 framework for red teamers.
  ☆22Updated 4 years ago
• moloch-- / DarkLoadLibrary
  LoadLibrary for offensive operations
  ☆33Updated 3 years ago
• S3cur3Th1sSh1t / SharpOxidResolver
  IOXIDResolver from AirBus Security/PingCastle
  ☆47Updated 4 years ago