Alternatives and similar repositories for CobaltStrikeBypassDefender:

Users that are interested in CobaltStrikeBypassDefender are comparing it to the libraries listed below

• Offensive-Panda / D3MPSEC
  "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…
  ☆24Updated 5 months ago
• Octoberfest7 / Cohab_Processes
  A small Aggressor script to help Red Teams identify foreign processes on a host machine
  ☆83Updated 2 years ago
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆52Updated last year
• RATandC2 / FilelessNtdllReflection
  Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…
  ☆15Updated 2 years ago
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆45Updated 2 years ago
• ProcessusT / UnhookingDLL
  This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…
  ☆68Updated last year
• VirtualAlllocEx / DSC_SVC_REMOTE
  This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc…
  ☆51Updated last year
• atabetnouhaila / API-hashing
  ☆18Updated 4 months ago
• Maldev-Academy / DRMBinViaOrdinalImports
  Create Anti-Copy DRM Malware
  ☆52Updated 6 months ago
• HulkOperator / AuthStager
  ☆53Updated 4 months ago
• wolfcod / lsassdump
  lsassdump via RtlCreateProcessReflection and NanoDump
  ☆80Updated 4 months ago
• b4rth0v5k1 / EarlyBirdNTDLL
  ☆36Updated 2 years ago
• CodeXTF2 / evasion-adventures-files
  Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
  ☆26Updated 2 years ago
• EspressoCake / DLL-Exports-Extraction-BOF
  DLL Exports Extraction BOF with optional NTFS transactions.
  ☆81Updated 3 years ago
• gavz / ExplorerPersist
  Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …
  ☆81Updated 2 years ago
• S12cybersecurity / PDFTypeSpoofing
  PDF Icon File Type Spoofer
  ☆13Updated 7 months ago
• MaorSabag / LoaderInjector
  ☆19Updated 2 years ago
• SaadAhla / PSpersist
  Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\ , that contains the implant's path , and whenever powershell pro…
  ☆85Updated last year
• MaorSabag / interactive-execute-shellcode
  A simple PoC of injection shellcode into a remote process and get the output using namepipe
  ☆42Updated last year
• Kr0ff / WinMalDev
  Various methods of executing shellcode
  ☆68Updated last year
• ZeroMemoryEx / Overlord
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆81Updated last year
• dosxuz / PerunsFart
  This is my own implementation of the Perun's Fart technique by Sektor7
  ☆68Updated 2 years ago
• Idov31 / NidhoggScript
  NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
  ☆46Updated last year
• wsummerhill / Python-Crypter
  Custom Python shellcode encryptor and obfuscator
  ☆13Updated 10 months ago
• ps1337 / Lastenzug
  Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
  ☆25Updated 2 years ago
• susMdT / SharpAgent
  C# havoc implant
  ☆98Updated 2 years ago
• san3ncrypt3d / AESShellCodeEncrypter
  This is a CS project that will encrypt shell code from msfvenom using AES
  ☆22Updated 2 years ago
• MaorSabag / SideLoadingDLL
  Do some DLL SideLoading magic
  ☆79Updated last year
• xiosec / Terminator
  PowerShell script to terminate protected processes such as anti-malware and EDRs.
  ☆26Updated last year
• jakabakos / CVE-2023-36884-MS-Office-HTML-RCE
  MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit
  ☆39Updated last year