Alternatives and similar repositories for Bypass-Sandbox-Evasion

Users that are interested in Bypass-Sandbox-Evasion are comparing it to the libraries listed below

• ZeroMemoryEx / TrampHook

  View on GitHub
  Simple x86 Trampoline Hook
  ☆45Aug 3, 2022Updated 3 years ago
• ZeroMemoryEx / SleepKiller

  View on GitHub
  Bypass Malware Time Delays
  ☆108Sep 23, 2022Updated 3 years ago
• ZeroMemoryEx / Overlord

  View on GitHub
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆83May 23, 2023Updated 2 years ago
• ZeroMemoryEx / Hooks_Hunter

  View on GitHub
  Simple API Hooks detector
  ☆77Aug 22, 2022Updated 3 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆243Sep 26, 2023Updated 2 years ago
• SaadAhla / PE-Obfuscator

  View on GitHub
  PE obfuscator with Evasion in mind
  ☆213Apr 25, 2023Updated 2 years ago
• ZeroMemoryEx / APT38-0day-Stealer

  View on GitHub
  APT38 Tactic PoC for Stealing 0days from security researchers
  ☆323May 30, 2025Updated 8 months ago
• ZeroMemoryEx / Shellcode-Injector

  View on GitHub
  simple shellcode injector
  ☆118Aug 4, 2022Updated 3 years ago
• ZeroMemoryEx / URootkit

  View on GitHub
  simple user-mode Rootkit
  ☆108Oct 24, 2022Updated 3 years ago
• ZeroMemoryEx / Terminator

  View on GitHub
  Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
  ☆1,040Jun 20, 2023Updated 2 years ago
• mertdas / SharpTerminator

  View on GitHub
  Terminate AV/EDR Processes using kernel driver
  ☆352Jun 12, 2023Updated 2 years ago
• SaadAhla / D1rkSleep

  View on GitHub
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆125Feb 13, 2023Updated 3 years ago
• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆970Jul 21, 2023Updated 2 years ago
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• SaadAhla / UnhookingPatch

  View on GitHub
  Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
  ☆314Aug 2, 2023Updated 2 years ago
• ZeroMemoryEx / C2-Hunter

  View on GitHub
  Extract C2 Traffic
  ☆252Nov 25, 2024Updated last year
• SaadAhla / Shellcode-Hide

  View on GitHub
  This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp…
  ☆438Aug 2, 2023Updated 2 years ago
• WKL-Sec / Winsocky

  View on GitHub
  Winsocket for Cobalt Strike.
  ☆102Jul 6, 2023Updated 2 years ago
• ZeroMemoryEx / Tokenizer

  View on GitHub
  Kernel Mode Driver for Elevating Process Privileges
  ☆134Mar 23, 2023Updated 2 years ago
• ZeroMemoryEx / Chaos-Rootkit

  View on GitHub
  Now You See Me, Now You Don't
  ☆1,025Jan 23, 2026Updated 3 weeks ago
• florylsk / SignatureGate

  View on GitHub
  Weaponized HellsGate/SigFlip
  ☆204Jun 7, 2023Updated 2 years ago
• naksyn / ProcessStomping

  View on GitHub
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆148Dec 16, 2023Updated 2 years ago
• SaadAhla / NTDLLReflection

  View on GitHub
  Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…
  ☆306Aug 2, 2023Updated 2 years ago
• SaadAhla / BlockOpenHandle

  View on GitHub
  Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…
  ☆172Apr 27, 2023Updated 2 years ago
• icyguider / LightsOut

  View on GitHub
  Generate an obfuscated DLL that will disable AMSI & ETW
  ☆329Jul 15, 2024Updated last year
• Sq00ky / RunAsPasswd

  View on GitHub
  A RunAs clone with the ability to specify the password as an argument.
  ☆112Jul 2, 2023Updated 2 years ago
• ZeroMemoryEx / Amsi-Killer

  View on GitHub
  Lifetime AMSI bypass
  ☆670Sep 26, 2023Updated 2 years ago
• PaulNorman01 / Dynamizer

  View on GitHub
  Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules.
  ☆21Dec 21, 2022Updated 3 years ago
• XaFF-XaFF / Black-Angel-Rootkit

  View on GitHub
  Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
  ☆671Nov 9, 2023Updated 2 years ago
• Octoberfest7 / Cohab_Processes

  View on GitHub
  A small Aggressor script to help Red Teams identify foreign processes on a host machine
  ☆84Jan 6, 2023Updated 3 years ago
• SaadAhla / TakeMyRDP

  View on GitHub
  A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing i…
  ☆398Aug 2, 2023Updated 2 years ago
• Kudaes / Fiber

  View on GitHub
  Using fibers to run in-memory code.
  ☆240Oct 19, 2023Updated 2 years ago
• Haunted-Banshee / ErebusGate

  View on GitHub
  ErebusGate for Nim Bypass AV/EDR
  ☆164Nov 7, 2022Updated 3 years ago
• georgi-i / winevt_logs_analysis

  View on GitHub
  Searching .evtx logs for remote connections
  ☆24Jul 6, 2023Updated 2 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆294Dec 3, 2023Updated 2 years ago
• Und3rf10w / CobaltStrikeBOFs

  View on GitHub
  Beacon Object Files used for Cobalt Strike
  ☆19Jul 18, 2023Updated 2 years ago
• XaFF-XaFF / ZwProcessHollowing

  View on GitHub
  ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption
  ☆92Mar 23, 2023Updated 2 years ago
• g3tsyst3m / elevationstation

  View on GitHub
  elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
  ☆381Nov 2, 2023Updated 2 years ago
• SaadAhla / AMSI_patch

  View on GitHub
  Patching AmsiOpenSession by forcing an error branching
  ☆155Aug 2, 2023Updated 2 years ago