Alternatives and similar repositories for DefenderWrite

Users that are interested in DefenderWrite are comparing it to the libraries listed below

• wolfcod / beacondbg
  Beacon Debugger
  ☆55Updated last year
• xalicex / LOLDrivers_finder
  ☆88Updated 2 years ago
• Wh04m1001 / CVE-2023-36723
  ☆67Updated 2 years ago
• ph3n1x007 / EarlyBirdNTDLL
  ☆37Updated 2 years ago
• realstatus / CVE-2024-40711-Exp
  CVE-2024-40711-exp
  ☆42Updated last year
• outflanknl / nix_bof_template
  Beacon Object File (BOF) Template
  ☆58Updated 11 months ago
• 0xDeku / NiceKatz
  A nice process dumping tool
  ☆81Updated 3 years ago
• jonny-jhnson / RandomPOCs
  Repo that holds random POCs
  ☆51Updated last year
• Ridter / netsync
  Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.
  ☆59Updated 8 months ago
• dk0m / ZeroCrumb
  Dumping App Bound Protected Credentials & Cookies Without Privileges.
  ☆99Updated 5 months ago
• ANYLNK / NSecSoftBYOVD
  NSecSoftBYOVD POC
  ☆52Updated 2 months ago
• ScriptIdiot / sleepmask_PatchlessHook
  Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
  ☆85Updated 2 years ago
• iamagarre / BadExclusionsNWBO
  BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
  ☆75Updated last year
• Kudaes / CustomEntryPoint
  Select any exported function in a dll as the new dll's entry point.
  ☆81Updated last year
• entropy-z / PostEx-Arsenal
  Arsenal of modules to beacon postex formats like BOF/Shellcode including: dotnet in memory execution, lateral moviment (scm, winrm, dcom,…
  ☆64Updated 2 weeks ago
• pwnfuzz / byovd-watchdog
  Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.
  ☆30Updated 2 months ago
• 0xf00sec / Aether
  Self-mutating macOS implant
  ☆96Updated this week
• flostyen / windows-persistence
  Windows Persistence IT-Security
  ☆106Updated 8 months ago
• NtDallas / BOF_Spawn
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆126Updated 2 weeks ago
• cybersectroll / SharpPersistSD
  ☆92Updated last year
• smokeme / asar-backdoor
  ☆33Updated 7 months ago
• gavz / ExplorerPersist
  Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …
  ☆83Updated 2 years ago
• cbwang505 / FilesystemEoPDesktopSystemShell
  Folder Or File Delete to Get System Shell on Current Session Desktop
  ☆47Updated 10 months ago
• florylsk / NtDump
  Indirect NT syscalls LSASS dumper.
  ☆46Updated 2 years ago
• MrAle98 / Sliver-CPPImplant2
  Sliver agent rewritten in C++
  ☆48Updated last year
• Leo4j / PPLKiller
  Tool to bypass LSA Protection (aka Protected Process Light)
  ☆61Updated 10 months ago
• MaorSabag / interactive-execute-shellcode
  A simple PoC of injection shellcode into a remote process and get the output using namepipe
  ☆44Updated last year
• nand0san / av_detect
  This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of r…
  ☆49Updated last week
• Leo4j / SessionExec
  Execute commands in other Sessions
  ☆90Updated last year
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆76Updated last week