Alternatives and similar repositories for PECheck:

Users that are interested in PECheck are comparing it to the libraries listed below

• bitsadmin / lofl
  Living Off the Foreign Land setup scripts
  ☆67Updated 2 months ago
• mgeeky / msi-shenanigans
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆81Updated 2 years ago
• oldboy21 / JayFinder
  Find DLLs with RWX section
  ☆79Updated last year
• morRubin / NegoExRelay
  ☆88Updated 2 years ago
• dsnezhkov / shutter
  ☆116Updated 3 years ago
• outflanknl / Training-MSOfficeOffensiveTradecraft
  Info related to the Outflank training: Microsoft Office Offensive Tradecraft
  ☆52Updated 11 months ago
• EvilBytecode / Lifetime-Amsi-EtwPatch
  Two in one, patch lifetime powershell console, no more etw and amsi!
  ☆88Updated last week
• RedSiege / Chromatophore
  Utilities for obfuscating shellcode
  ☆59Updated last month
• EspressoCake / Process_Protection_Level_BOF
  ☆58Updated 3 years ago
• wotwot563 / aad_prt_bof
  ☆114Updated last year
• Octoberfest7 / Presentations
  Slide decks and/or materials from conference presentations
  ☆56Updated 2 years ago
• rkbennett / pybof
  Python module for running BOFs
  ☆70Updated last year
• peiga / DumpThatLSASS
  Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation
  ☆31Updated 2 years ago
• dmcxblue / AzureRedirector
  A C# project that builds a Web Application which redirects all HTTPS
  ☆24Updated 2 months ago
• FatCyclone / D-Pwn
  D/Invoke standalone shellcode runners
  ☆37Updated last year
• tothi / stager_libpeconv
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆84Updated 2 years ago
• lkarlslund / hashmuncher
  Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later
  ☆91Updated last year
• MayerDaniel / profiler-lateral-movement
  Lateral Movement via the .NET Profiler
  ☆81Updated 5 months ago
• xpn / CloudInject
  ☆110Updated 5 months ago
• n00py / GetFGPP
  Get Fine Grained Password Policy
  ☆70Updated last week
• grayhatkiller / SharpExShell
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆70Updated 11 months ago
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆38Updated 9 months ago
• EspressoCake / BOF_Development_Docker
  A VSCode devcontainer for development of COFF files with batteries included.
  ☆49Updated last year
• xforcered / VectoredExceptionHandling
  ☆32Updated 8 months ago
• Bl4ckM1rror / PEAs
  ☆59Updated last year
• BC-SECURITY / IronSharpPack
  IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…
  ☆114Updated 11 months ago
• eversinc33 / SharpStartWebclient
  Programmatically start WebClient from an unprivileged session to enable that juicy privesc.
  ☆74Updated 2 years ago
• zimnyaa / noWatch
  Implant drop-in for EDR testing
  ☆138Updated last year
• rasta-mouse / SpawnWith
  ☆106Updated 2 months ago
• bohops / DynamicDotNet
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆142Updated 11 months ago