Alternatives and similar repositories for Nim-RunPE

Users that are interested in Nim-RunPE are comparing it to the libraries listed below

• S3cur3Th1sSh1t / NimGetSyscallStub

  View on GitHub
  Get fresh Syscalls from a fresh ntdll.dll copy
  ☆236Jan 28, 2022Updated 4 years ago
• icyguider / Nimcrypt2

  View on GitHub
  .NET, PE, & Raw Shellcode Packer/Loader Written in Nim
  ☆815Jan 20, 2023Updated 3 years ago
• chvancooten / NimPackt-v1

  View on GitHub
  Nim-based assembly packer and shellcode loader for opsec & profit
  ☆488Feb 24, 2023Updated 2 years ago
• adamsvoboda / nim-loader

  View on GitHub
  WIP shellcode loader in nim with EDR evasion techniques
  ☆221Mar 30, 2022Updated 3 years ago
• Cerbersec / KillDefenderBOF

  View on GitHub
  Beacon Object File PoC implementation of KillDefender
  ☆236Apr 12, 2022Updated 3 years ago
• frkngksl / NiCOFF

  View on GitHub
  COFF and BOF Loader written in Nim
  ☆175Aug 1, 2022Updated 3 years ago
• nettitude / RunPE

  View on GitHub
  C# Reflective loader for unmanaged binaries.
  ☆447Jan 25, 2023Updated 3 years ago
• S3cur3Th1sSh1t / NimShellcodeFluctuation

  View on GitHub
  ShellcodeFluctuation PoC ported to Nim
  ☆79Oct 14, 2022Updated 3 years ago
• byt3bl33d3r / NimDllSideload

  View on GitHub
  DLL sideloading/proxying with Nim!
  ☆175Dec 4, 2022Updated 3 years ago
• zimawhit3 / Bitmancer

  View on GitHub
  Nim Library for Offensive Security Development
  ☆197Sep 4, 2023Updated 2 years ago
• ajpc500 / NimlineWhispers2

  View on GitHub
  A tool for converting SysWhispers2 syscalls for use with Nim projects
  ☆125Dec 22, 2021Updated 4 years ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• Cracked5pider / Ekko

  View on GitHub
  Sleep Obfuscation
  ☆814Dec 3, 2023Updated 2 years ago
• plackyhacker / SandboxDefender

  View on GitHub
  C# code to Sandbox Defender (and most probably other AV/EDRs).
  ☆167Apr 22, 2022Updated 3 years ago
• andreiverse / grc2

  View on GitHub
  grim reaper c2
  ☆347Nov 19, 2022Updated 3 years ago
• frkngksl / ParallelNimcalls

  View on GitHub
  Nim version of MDSec's Parallel Syscall PoC
  ☆124Jan 14, 2022Updated 4 years ago
• moloch-- / denim

  View on GitHub
  Automated compiler obfuscation for nim
  ☆140Jun 27, 2022Updated 3 years ago
• memN0ps / venom-rs

  View on GitHub
  Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
  ☆360Mar 2, 2024Updated last year
• klezVirus / NimlineWhispers3

  View on GitHub
  A tool for converting SysWhispers3 syscalls for use with Nim projects
  ☆148Jun 2, 2022Updated 3 years ago
• frkngksl / NimExec

  View on GitHub
  Fileless Command Execution for Lateral Movement in Nim
  ☆388Dec 12, 2023Updated 2 years ago
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,585Jul 31, 2024Updated last year
• Cracked5pider / KaynLdr

  View on GitHub
  KaynLdr is a Reflective Loader written in C/ASM
  ☆554Dec 3, 2023Updated 2 years ago
• kyleavery / inject-assembly

  View on GitHub
  Inject .NET assemblies into an existing process
  ☆508Jan 19, 2022Updated 4 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,004Jun 4, 2024Updated last year
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆682Mar 11, 2024Updated last year
• optiv / Ivy

  View on GitHub
  Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …
  ☆747Aug 18, 2023Updated 2 years ago
• S3cur3Th1sSh1t / Nim_DInvoke

  View on GitHub
  D/Invoke implementation in Nim
  ☆103Jun 8, 2022Updated 3 years ago
• MartinIngesen / TokenStomp

  View on GitHub
  C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
  ☆145Feb 23, 2022Updated 3 years ago
• S3cur3Th1sSh1t / Ruy-Lopez

  View on GitHub
  ☆319Jun 28, 2023Updated 2 years ago
• mgeeky / ShellcodeFluctuation

  View on GitHub
  An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…
  ☆1,088Jun 17, 2022Updated 3 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆301Oct 26, 2022Updated 3 years ago
• pwn1sher / KillDefender

  View on GitHub
  A small POC to make defender useless by removing its token privileges and lowering the token integrity
  ☆689Jun 28, 2022Updated 3 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆294Dec 3, 2023Updated 2 years ago
• icyguider / Shhhloader

  View on GitHub
  Syscall Shellcode Loader (Work in Progress)
  ☆1,255May 8, 2024Updated last year
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,294Mar 21, 2025Updated 10 months ago
• Cerbersec / Ares

  View on GitHub
  Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
  ☆337Jan 16, 2022Updated 4 years ago
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆718Jul 19, 2023Updated 2 years ago
• hlldz / RefleXXion

  View on GitHub
  RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …
  ☆502Jan 25, 2022Updated 4 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆482Jul 12, 2023Updated 2 years ago