Teach2Breach/mal_ex

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Teach2Breach/mal_ex)

Teach2Breach / mal_ex

Source code for complete MALicious softWARE books I & II

☆78

Alternatives and similar repositories for mal_ex

Users that are interested in mal_ex are comparing it to the libraries listed below

Sorting:

PhantomSecurityGroup / Crystal-Kit
View on GitHub
Evasion kit for Cobalt Strike
☆30Jan 16, 2026Updated last month
sleepyG8 / GlyphDbg
View on GitHub
RE for champions
☆15Updated this week
rkbennett / icmpsh
View on GitHub
Simple reverse ICMP shell
☆14Apr 30, 2024Updated last year
Ne0nd0g / go-coff
View on GitHub
Load and execute a common object file format (COFF) in the current process
☆32Mar 9, 2024Updated last year
g0th1c54e4 / x64dbg-trace-parser
View on GitHub
An open-source tool for efficiently parsing x64dbg trace files (.trace32 & .trace64).
☆41Jan 20, 2026Updated last month
MalwareTech / ExifSmugglingPoC
View on GitHub
A Proof-of-Concept using Cache Smuggling + Exif data to passively download a second stage payload
☆51Oct 28, 2025Updated 4 months ago
whokilleddb / sinister-vsix
View on GitHub
Blog/Journal on how to backdoor VSCode extensions
☆77Feb 24, 2026Updated last week
gjhami / LinkSiren
View on GitHub
Coerce Windows authentication by generating, distributing, and cleaning up poisoned files at scale.
☆34Jun 17, 2025Updated 8 months ago
rasta-mouse / LibGate
View on GitHub
A Crystal Palace shared library to resolve & perform syscalls
☆57Oct 29, 2025Updated 4 months ago
zero2504 / EDR-GhostLocker
View on GitHub
AppLocker-Based EDR Neutralization
☆323Dec 19, 2025Updated 2 months ago
Teach2Breach / dev
View on GitHub
maldev obviously
☆28May 5, 2025Updated 10 months ago
alexlee820 / PatchedCLRLoader
View on GitHub
.NET assembly loader with patching AMSI and ETW bypass
☆31Apr 16, 2025Updated 10 months ago
Skeletal-Group / Hermes
View on GitHub
Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.
☆69Nov 15, 2025Updated 3 months ago
warpnet / COM-Fuzzer
View on GitHub
Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…
☆157Nov 23, 2025Updated 3 months ago
shellinvictus / GriffonAD
View on GitHub
Generate low-level commands to exploit the AD easily: learn and control every steps.
☆65Feb 25, 2026Updated last week
knight0x07 / WinRAR-CVE-2025-8088-PoC-RAR
View on GitHub
WinRAR 0day CVE-2025-8088 PoC RAR Archive
☆45Aug 12, 2025Updated 6 months ago
olafhartong / ETWLocksmith
View on GitHub
A powerful Windows command-line tool for analyzing and searching ETW (Event Tracing for Windows) provider permissions from the Windows re…
☆62Jul 29, 2025Updated 7 months ago
NocteDefensor / SCCMDecryptor-BOF
View on GitHub
☆51Jun 28, 2025Updated 8 months ago
nyxgeek / autodiscover_enum
View on GitHub
time-based user enum via Basic Auth in Azure against Autodiscover
☆34Oct 3, 2024Updated last year
rtecCyberSec / SpeechRuntimeMove
View on GitHub
Lateral Movement as loggedon User via Speech Named Pipe COM & ISpeechNamedPipe + COM Hijacking
☆138Jul 2, 2025Updated 8 months ago
dobin / DetonatorAgent
View on GitHub
Detonate malware on VMs and get logs & detection status
☆84Jan 29, 2026Updated last month
mr-r3bot / bof-modules
View on GitHub
BOF for C2 framework
☆44Nov 9, 2024Updated last year
inb1ts / birdnet-poc
View on GitHub
Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
☆41Jul 9, 2023Updated 2 years ago
VirtualAlllocEx / HWBP-DEP-Bypass
View on GitHub
Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulati…
☆100Oct 17, 2025Updated 4 months ago
ACE-VSIT / ACECTF
View on GitHub
Association of Computer Enthusiasts brings you with ACECTF. Test your hacking skills in our thrilling 24-hour cybersecurity challenge. Le…
☆15Mar 2, 2025Updated last year
0xsh3llf1r3 / ColdWer
View on GitHub
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
☆115Jan 29, 2026Updated last month
EspressoCake / BetterPipename
View on GitHub
Example of using Sleep to create better named pipes.
☆41Jul 25, 2023Updated 2 years ago
entropy-z / PostEx-Arsenal
View on GitHub
Arsenal of modules to beacon postex
☆94Updated this week
NetSPI / BOF-PE
View on GitHub
An example reference design for a proposed BOF PE
☆200Jan 23, 2026Updated last month
Mojo8898 / scripts
View on GitHub
This repository contains a collection of scripts I use regularly for offensive security-related tasks.
☆15Jan 17, 2026Updated last month
MedhatHassan / CyberTalents
View on GitHub
The CyberTalents repository is a collection of solutions and write-ups for challenges sourced from the CyberTalents platform. Organized …
☆21Jun 18, 2025Updated 8 months ago
kyxiaxiang / Safetasklist
View on GitHub
Help red teams find opsec processes during engagements
☆42Dec 7, 2024Updated last year
PaloAltoNetworks / pan-mcp-relay
View on GitHub
Palo Alto Networks AI Runtime Security Model Context Protocol (MCP) Relay Server
☆31Jan 27, 2026Updated last month
Meowmycks / koneko
View on GitHub
Robust Cobalt Strike shellcode loader with multiple advanced evasion features
☆200Apr 21, 2025Updated 10 months ago
initstring / RTAP
View on GitHub
Red Team Assessment Platform - reporting, visualizations, and analytics for cybersecurity red teams
☆34Jan 27, 2026Updated last month
CyberSecurityUP / ISO-27002-Document
View on GitHub
☆11May 30, 2021Updated 4 years ago
rabobank-cdc / dettect-editor
View on GitHub
DeTT&CT Editor
☆12Jan 21, 2026Updated last month
RenderZ0n3 / Malware-Development
View on GitHub
☆10Jul 1, 2023Updated 2 years ago
dobin / RedEdr
View on GitHub
Collect Windows telemetry for Maldev
☆460Jan 30, 2026Updated last month