Alternatives and similar repositories for Windows-APT-Warfare

Users that are interested in Windows-APT-Warfare are comparing it to the libraries listed below

• RedTeamOperations / Journey-to-McAfee
  ☆113Updated 2 years ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆51Updated last year
• rasta-mouse / PPEnum
  Simple BOF to read the protection level of a process
  ☆114Updated 2 years ago
• mansk1es / GhostFart
  ☆136Updated last year
• MaorSabag / SideLoadingDLL
  Do some DLL SideLoading magic
  ☆83Updated last year
• daddycocoaman / dumpscan
  Finding secrets in kernel and user memory
  ☆115Updated last year
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆72Updated last month
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆88Updated 2 years ago
• codewhitesec / SysmonEnte
  ☆76Updated 2 years ago
• sensepost / mydumbedr
  ☆119Updated last year
• CymulateResearch / Blindside
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆127Updated 2 years ago
• 0prrr / Malwear-Sweet
  Malware?
  ☆70Updated 7 months ago
• 0x00Check / ExploitLeakedHandle
  Identify and exploit leaked handles for local privilege escalation.
  ☆107Updated last year
• SafeBreach-Labs / CortexVortex
  ☆77Updated last year
• oldboy21 / JayFinder
  Find DLLs with RWX section
  ☆80Updated last year
• gatariee / ldrgen
  Template-based generation of shellcode loaders
  ☆77Updated last year
• mrexodia / lolbin-poc
  Small PoC of using a Microsoft signed executable as a lolbin.
  ☆137Updated 2 years ago
• MayerDaniel / profiler-lateral-movement
  Lateral Movement via the .NET Profiler
  ☆81Updated 5 months ago
• FuzzySecurity / BHUSA-2023
  ☆105Updated 10 months ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆109Updated 8 months ago
• Octoberfest7 / Enumprotections_BOF
  A BOF to enumerate system process, their protection levels, and more.
  ☆116Updated 5 months ago
• zimnyaa / noWatch
  Implant drop-in for EDR testing
  ☆138Updated last year
• peiga / DumpThatLSASS
  Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation
  ☆31Updated 2 years ago
• SECFORCE / SharpWhispers
  C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.
  ☆105Updated 2 years ago
• naksyn / ModuleShifting
  Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…
  ☆116Updated last year
• Bw3ll / ShellWasp
  ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…
  ☆167Updated last year
• joe-desimone / patriot
  ☆140Updated 2 years ago
• eversinc33 / PSXecute
  MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.
  ☆114Updated 5 months ago
• RedTeamOperations / VEH-PoC
  ☆115Updated 2 years ago
• Helixo32 / SimpleEDR
  Simple EDR that injects a DLL into a process to place a hook on specific Windows API
  ☆91Updated last year