Alternatives and similar repositories for Journey-to-McAfee

Users that are interested in Journey-to-McAfee are comparing it to the libraries listed below

• shogunlab / Mochi

  View on GitHub
  Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.
  ☆101Mar 27, 2022Updated 3 years ago
• Allevon412 / TeamsImplant

  View on GitHub
  ☆209Feb 24, 2022Updated 3 years ago
• SaadAhla / UnhookingPatch

  View on GitHub
  Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
  ☆314Aug 2, 2023Updated 2 years ago
• aaaddress1 / knownDlls_Poison

  View on GitHub
  ☆26Dec 29, 2021Updated 4 years ago
• jfmaes / AmsiHooker

  View on GitHub
  Hookers are cooler than patches.
  ☆170Jan 21, 2022Updated 4 years ago
• xforcered / BOFMask

  View on GitHub
  ☆129Jun 28, 2023Updated 2 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆243Sep 26, 2023Updated 2 years ago
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆138Sep 12, 2022Updated 3 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆301Oct 26, 2022Updated 3 years ago
• VirtualAlllocEx / Payload-Download-Cradles

  View on GitHub
  This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR …
  ☆256Jul 7, 2022Updated 3 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• outflanknl / unmanaged-dotnet-patch

  View on GitHub
  Modify managed functions from unmanaged code
  ☆53Feb 1, 2024Updated 2 years ago
• Maldev-Academy / MaldevAcademyLdr.1

  View on GitHub
  RunPE implementation with multiple evasive techniques (1)
  ☆381Sep 22, 2023Updated 2 years ago
• Octoberfest7 / BeatRev

  View on GitHub
  POC for frustrating/defeating Malware Analysts
  ☆158Jun 12, 2022Updated 3 years ago
• aaaddress1 / PR0CESS

  View on GitHub
  some gadgets about windows process and ready to use :)
  ☆610Oct 7, 2023Updated 2 years ago
• jfmaes / DeepSleep

  View on GitHub
  all credits go to @mgeeky
  ☆64Oct 14, 2021Updated 4 years ago
• 0xsp-SRD / callback_injection-Csharp

  View on GitHub
  this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…
  ☆88Jun 24, 2022Updated 3 years ago
• daem0nc0re / SharpWnfSuite

  View on GitHub
  C# Utilities for Windows Notification Facility
  ☆159Apr 14, 2025Updated 10 months ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆373May 24, 2022Updated 3 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆253Jun 25, 2023Updated 2 years ago
• TomOS3 / UserModeUnhooking

  View on GitHub
  This project is created for research into antivirus evasion by unhooking.
  ☆18Sep 2, 2021Updated 4 years ago
• pwnsauc3 / RWXfinder

  View on GitHub
  The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
  ☆111Jul 15, 2023Updated 2 years ago
• RedTeamOperations / Advanced-Process-Injection-Workshop

  View on GitHub
  ☆778Oct 17, 2023Updated 2 years ago
• dosxuz / DefenderStop

  View on GitHub
  Stop Defender Service using C# via Token Impersonation
  ☆170Jan 30, 2022Updated 4 years ago
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• phackt / wptsextensions.dll

  View on GitHub
  WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.
  ☆55Jun 30, 2021Updated 4 years ago
• trustedsec / CS_COFFLoader

  View on GitHub
  ☆131Dec 4, 2023Updated 2 years ago
• nettitude / RunOF

  View on GitHub
  ☆152Jan 6, 2023Updated 3 years ago
• 0xsp-SRD / mortar

  View on GitHub
  evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
  ☆1,495Dec 21, 2023Updated 2 years ago
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• kleiton0x00 / Shelltropy

  View on GitHub
  A technique of hiding malicious shellcode via Shannon encoding.
  ☆263Oct 23, 2022Updated 3 years ago
• daem0nc0re / AtomicSyscall

  View on GitHub
  Tools and PoCs for Windows syscall investigation.
  ☆368Dec 2, 2025Updated 2 months ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,364Oct 27, 2023Updated 2 years ago
• Cracked5pider / KaynLdr

  View on GitHub
  KaynLdr is a Reflective Loader written in C/ASM
  ☆555Dec 3, 2023Updated 2 years ago
• oldboy21 / JayFinder

  View on GitHub
  Find DLLs with RWX section
  ☆80Jul 3, 2023Updated 2 years ago
• binderlabs / DirCreate2System

  View on GitHub
  Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting
  ☆363Dec 19, 2022Updated 3 years ago
• 0xEr3bus / ShadowForgeC2

  View on GitHub
  ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats.
  ☆52Jul 15, 2023Updated 2 years ago
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆105Apr 22, 2022Updated 3 years ago