PPLReaper is a Windows UNSIGNED kernel driver + userland companion tool designed to inspect and manipulate Protected Process Light (PPL) attributes at runtime.
☆24Mar 4, 2026Updated 4 months ago
Alternatives and similar repositories for PPLReaper
Users that are interested in PPLReaper are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- shellcode transformation tool for YARA evasion☆62Dec 17, 2025Updated 6 months ago
- Dump LSASS via physical memory read primitives in vulnerable kernel drivers☆35Feb 25, 2026Updated 4 months ago
- ☆50Jul 9, 2025Updated last year
- DevSecOps for the AI-era CI/CD pipeline. Catches the bugs your AI coding assistant introduces — before they reach production.☆20Updated this week
- Collection of custom implementations about some WinAPI functions☆31Feb 17, 2026Updated 4 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A BOF designed to inspect processes memory and addresses☆40Apr 19, 2026Updated 2 months ago
- Staged DLL injection proof-of-concept built in C using Win32 APIs — developed in an isolated lab environment for red team certification s…☆40Jun 4, 2026Updated last month
- Run PowerShell command without invoking powershell.exe☆27Apr 9, 2026Updated 3 months ago
- Windows/Linux LSA credential extractor for lsass.dmp minidumps. Targets Windows 11 24H2/25H2/26H1 and Windows Server 2025. Pure Win32, no…☆30May 14, 2026Updated 2 months ago
- Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability☆24Feb 5, 2025Updated last year
- Advanced PoC & Research for CVE-2026-0828 (Safetica) and CVE-2025-7771 (ThrottleStop). Analysis of BYOVD (Bring Your Own Vulnerable Drive…☆45Feb 4, 2026Updated 5 months ago
- A C# PE loader for x64 and x86 PE files.☆56Mar 9, 2026Updated 4 months ago
- Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueAp…☆74Feb 17, 2026Updated 4 months ago
- Multi-component Remote Access Trojan: C++ client (victim), C# server, and Angular frontend.☆61Jun 22, 2026Updated 3 weeks ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Tools for generating and validating IBANs (International Bank Account Numbers)☆10Aug 11, 2020Updated 5 years ago
- Bof of RegPwn by MDSec☆127Mar 15, 2026Updated 4 months ago
- A PoC Cobalt Strike UDRL written in Rust☆31Jun 20, 2026Updated 3 weeks ago
- An aggressor script that tracks operational changes made during a red team engagement. Gives you a full audit trail of what was changed a…☆27May 21, 2026Updated last month
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.☆145Dec 8, 2025Updated 7 months ago
- abusing windows toast notifications for fun and user manipulation☆105Updated this week
- Audiodg.exe DLL hijacking for LPE with reboot-free restart primitive. Executes code as LOCAL SERVICE, escalates to SYSTEM via Scheduled T…☆128Jan 24, 2026Updated 5 months ago
- Scripts to interact with Microsoft Graph APIs☆46Nov 7, 2024Updated last year
- M365 Conditional Access Policy Bypass OST (Offensive Tooling)☆45Apr 22, 2026Updated 2 months ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- A EDR bypassing shellcode loader framework for Windows 10 64bit, featuring ETW/AMSI patching, Tartarus Gate, process protection and more☆57Jun 24, 2026Updated 3 weeks ago
- Noradrenaline is a collection of high-performance post-exploitation shared libraries designed for native execution on macOS and Linux end…☆29Jul 6, 2026Updated last week
- ACL Viewer for Windows☆132May 4, 2025Updated last year
- method 59 from UACME in a standalone .C☆19Mar 24, 2026Updated 3 months ago
- Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass☆143Jan 29, 2026Updated 5 months ago
- PowerShell module for mapping byte offsets to source context and locating AMSI or Microsoft Defender detection boundaries in text and bin…☆35Updated this week
- Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR…☆108Updated this week
- A tool to easily perform GitLab Device Code Phishing on red team engagements☆51Feb 9, 2026Updated 5 months ago
- **CVE-2026-2636** is a vulnerability in the Windows Common Log File System (CLFS) driver (`CLFS.sys`). An unprivileged user can trigger a…☆15Feb 26, 2026Updated 4 months ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- NØW is a word-based shellcode encoding and obfuscation tool that transforms raw shellcode bytes into natural-looking English prose.☆69Jun 24, 2026Updated 3 weeks ago
- Spoof parent process ID☆14Jan 23, 2019Updated 7 years ago
- Active network shares enumeration tool.☆36Updated this week
- Decoding of Microsoft Script Encoder☆14Dec 29, 2018Updated 7 years ago
- The PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver☆49Mar 13, 2026Updated 4 months ago
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆50Jul 6, 2025Updated last year
- NSecSoftBYOVD POC☆61Feb 12, 2026Updated 5 months ago