Alternatives and similar repositories for Intro-to-EDR-Evasion

Users that are interested in Intro-to-EDR-Evasion are comparing it to the libraries listed below

• 123ojp / VxLAN-Scanner

  View on GitHub
  This is a VxLAN PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion
  ☆28Jul 21, 2025Updated 6 months ago
• maxDcb / C2Implant

  View on GitHub
  Windows C++ Implant for Exploration C2
  ☆44Jan 26, 2026Updated 3 weeks ago
• dinosn / citrix_cve-2023-4966

  View on GitHub
  Citrix CVE-2023-4966 from assetnote modified for parallel and file handling
  ☆11Oct 25, 2023Updated 2 years ago
• 0x3rhy / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆13Feb 4, 2024Updated 2 years ago
• ameenalkerdy / ETWShellcodeLoader

  View on GitHub
  Shellcode Loader Utilizing ETW Events
  ☆67Feb 26, 2025Updated 11 months ago
• aitorfirm / BlackIris

  View on GitHub
  Thats it! An Open-Source Windows UEFI Rootkit
  ☆28Jul 19, 2025Updated 6 months ago
• DominicBreuker / SliverSamples

  View on GitHub
  A collection of sample code used in some experiments with Sliver C2
  ☆16Mar 28, 2023Updated 2 years ago
• MaangoTaachyon / SelfDeletion-Updated

  View on GitHub
  Updated version of a long known self deletion technique to work with 24H2.
  ☆61Jun 9, 2025Updated 8 months ago
• layer8secure / ConvertHound

  View on GitHub
  An easy way to convert BloodHound output files into data that can be imported into reporting software like Dradis and Plextrac. Built by …
  ☆18Oct 15, 2020Updated 5 years ago
• a7t0fwa7 / DllDragon

  View on GitHub
  A simple to use single-include Windows API resolver
  ☆23Jul 9, 2024Updated last year
• KickedDroid / bof_oxide

  View on GitHub
  A POC for developing BOFs for Sliver, Havoc, Cobalt Strike or most COFFLoaders in Rust.
  ☆74Aug 24, 2025Updated 5 months ago
• EspressoCake / BetterPipename

  View on GitHub
  Example of using Sleep to create better named pipes.
  ☆41Jul 25, 2023Updated 2 years ago
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆72Sep 9, 2025Updated 5 months ago
• sabrinalupsan / pentesting-azure-ad

  View on GitHub
  A cheatsheet of commands used to pass the CARTP (Certified Azure Red Team Professional) exam.
  ☆21May 4, 2023Updated 2 years ago
• ghostbyt3 / BYOVDFinder

  View on GitHub
  Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.
  ☆75Jul 25, 2025Updated 6 months ago
• dr4ndrei / OHFFLdr

  View on GitHub
  One-header configurable C++20 COFF loader
  ☆21Jul 21, 2025Updated 6 months ago
• NioZow / Imperium

  View on GitHub
  A C++/Asm template for PIC/EXE/DLL malware
  ☆24Aug 12, 2025Updated 6 months ago
• xforcered / Agent-Development-Stack

  View on GitHub
  Backend development stack for agents
  ☆29Jul 30, 2025Updated 6 months ago
• thelikes / slivercloak

  View on GitHub
  PoC framework for Sliver compilation
  ☆22Jan 14, 2025Updated last year
• GhnimiWael / LDAPHunter

  View on GitHub
  LDAP Enumeration Tool for Pentesters
  ☆48Apr 22, 2025Updated 9 months ago
• tsarpaul / RpcEnumIDA

  View on GitHub
  XPN's RpcEnum but based on IDA instead of Ghidra
  ☆21Aug 17, 2019Updated 6 years ago
• dmcxblue / AzureFunctionRedirector

  View on GitHub
  ☆49Apr 9, 2025Updated 10 months ago
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆104Feb 25, 2025Updated 11 months ago
• zer0condition / NTMemory

  View on GitHub
  Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.
  ☆68Jan 27, 2026Updated 2 weeks ago
• WKL-Sec / docker-cobaltstrike

  View on GitHub
  Docker container for running CobaltStrike 4.7 and above
  ☆24Mar 20, 2025Updated 10 months ago
• Sachinart / CVE-2024-0012-POC

  View on GitHub
  CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC
  ☆20Nov 19, 2024Updated last year
• silentwarble / hbin_template

  View on GitHub
  Post-Ex BOF tooling for Hannibal
  ☆24Nov 20, 2024Updated last year
• HulkOperator / CallStackSpoofer

  View on GitHub
  ☆61Dec 19, 2024Updated last year
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆38Aug 5, 2025Updated 6 months ago
• jhalon / cSessionHop

  View on GitHub
  Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
  ☆63Dec 25, 2025Updated last month
• ofasgard / execute-assembly-pico

  View on GitHub
  A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
  ☆128Jan 28, 2026Updated 2 weeks ago
• RWXstoned / GimmeShelter

  View on GitHub
  Situational Awareness script to identify how and where to run implants
  ☆67Dec 6, 2024Updated last year
• Teach2Breach / pool_party_rs

  View on GitHub
  remote process injections using pool party techniques
  ☆70Jun 29, 2025Updated 7 months ago
• cybersectroll / TrollRPC

  View on GitHub
  ☆50Jul 9, 2025Updated 7 months ago
• AI-Voodoo / Red_AI_Archive_Jeff_Sims

  View on GitHub
  Red AI Archive: Jeff Sims - A curated collection of work in AI safety, cybersecurity data science, and AI red teaming – my own research a…
  ☆26Apr 1, 2025Updated 10 months ago
• FalconForceTeam / bof-winrm-client

  View on GitHub
  ☆126Jan 23, 2025Updated last year
• zero2504 / FrostLock-Injection

  View on GitHub
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆43Apr 6, 2025Updated 10 months ago
• m8sec / Dispatch

  View on GitHub
  Evasive Payload Delivery Server & C2 Redirector
  ☆112Nov 3, 2025Updated 3 months ago
• thiagopeixoto / mystique-self-injection

  View on GitHub
  An improvement and a different approach to Mockingjay Self-Injection.
  ☆35May 21, 2024Updated last year