Alternatives and similar repositories for Anti-Sandbox

Users that are interested in Anti-Sandbox are comparing it to the libraries listed below

• wolfcod / beacondbg
  Beacon Debugger
  ☆55Updated last year
• almounah / GoDroplets
  Go Shellcode Loader to be Integrated in Exploration C2
  ☆28Updated 9 months ago
• entropy-z / PostEx-Arsenal
  Arsenal of modules to beacon postex formats like BOF/Shellcode including: dotnet in memory execution, lateral moviment (scm, winrm, dcom,…
  ☆69Updated 2 weeks ago
• 0xTriboulet / ai-postex
  Proof-of-concept implementation of AI-enabled postex DLLs
  ☆51Updated 2 months ago
• safedv / Rustic64Shell
  A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.
  ☆84Updated 7 months ago
• 7h3w4lk3r / RexLdr
  Rex Shellcode Loader for AV/EDR evasion
  ☆34Updated last year
• SaadAhla / Killer-Exercice
  An Exercice for Red Team to Reverse & Exploit, that's a valide BYOVD Killer, not HVCI Blocklisted, and not in LOLBIN
  ☆34Updated 4 months ago
• Teach2Breach / nt_unhooker
  demo unhooking functions in ntdll
  ☆28Updated 4 months ago
• logangoins / BadTakeover-BOF
  Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
  ☆80Updated last month
• 0xTriboulet / scepter-rs
  A hacky way of getting cross-arch/platform support in Cobalt Strike
  ☆38Updated 3 months ago
• Acucarinho / havoc-obfuscator
  Automated script for obfuscating, rebranding and renaming the Havoc C2 Framework to evade AV/EDR and C2 hunters.
  ☆45Updated 3 months ago
• Maldev-Academy / HookingLsassForCredentials
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆53Updated 6 months ago
• EvilBytecode / Ebyte-AMSI-ProxyInjector
  A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…
  ☆61Updated 6 months ago
• zarkones / BloodfangC2
  Modern PIC implant for Windows (64 & 32 bit)
  ☆105Updated 4 months ago
• BlackSnufkin / HolyGrail
  BYOVD hunter to help prioritize windows drivers worth manual analysis
  ☆43Updated 3 months ago
• EvilWhales / RProxy-LAB
  RProxy LAB is intended solely for educational purposes and authorized security testing with EvilGinx / Modlishka / EvilPuppet e.t.c tools
  ☆36Updated 2 weeks ago
• djackreuter / btexec
  Execute shellcode via Bluetooth device authentication
  ☆40Updated 9 months ago
• pard0p / Self-Cleaning-PICO-Loader
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆47Updated 3 weeks ago
• furax124 / Protect_Loader
  A fucking real shellcode loader with a GUI. Work-in-Progress.
  ☆80Updated 5 months ago
• Wh04m1001 / CVE-2023-36723
  ☆67Updated 2 years ago
• NUL0x4C / HookingLsassForCredentials
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆60Updated 6 months ago
• T1erno / bin2shellcode
  C++ tool and library for converting .bin files to shellcode in multiple output formats.
  ☆34Updated 3 months ago
• Network-Sec / CVE-2025-21420-PoC
  We found a way to DLL sideload with cleanmgr.exe
  ☆95Updated 9 months ago
• Whitecat18 / earlycascade-injection
  Early cascade injection PoC based on Outflanks blog post written in Rust
  ☆60Updated 9 months ago
• Teach2Breach / snapinject_rs
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆50Updated 10 months ago
• Teach2Breach / phantom_persist_rs
  Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence
  ☆59Updated 5 months ago
• 0xedh / DEFCON33-KillChainReloaded
  ☆74Updated 3 months ago
• Nicolas-Arsenault / Havoc-C2-RCE-2024
  Abusing SSRF to deliver an authenticated command injection payload
  ☆30Updated 2 months ago
• SecTheBit / ZoomBotC2
  ☆56Updated 5 months ago
• Leo4j / PPLKiller
  Tool to bypass LSA Protection (aka Protected Process Light)
  ☆61Updated 10 months ago