Alternatives and similar repositories for Windows-APT-Warfare

Users that are interested in Windows-APT-Warfare are comparing it to the libraries listed below

• aaaddress1 / wowInjector

  View on GitHub
  PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
  ☆167May 27, 2021Updated 4 years ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆682Mar 11, 2024Updated last year
• bats3c / DarkLoadLibrary

  View on GitHub
  LoadLibrary for offensive operations
  ☆1,174Oct 22, 2021Updated 4 years ago
• ethereal-vx / Antivirus-Artifacts

  View on GitHub
  Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
  ☆753Nov 16, 2021Updated 4 years ago
• mai1zhi2 / SharpBeacon

  View on GitHub
  CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能
  ☆731Sep 1, 2021Updated 4 years ago
• Airboi / bypass-av-note

  View on GitHub
  免杀技术大杂烩---乱拳也打不死老师傅
  ☆1,095Mar 29, 2021Updated 4 years ago
• EddieIvan01 / win32api-practice

  View on GitHub
  Offensive tools written for practice purposes
  ☆162Sep 23, 2022Updated 3 years ago
• aaaddress1 / PR0CESS

  View on GitHub
  some gadgets about windows process and ready to use :)
  ☆610Oct 7, 2023Updated 2 years ago
• mai1zhi2 / SysWhispers2_x86

  View on GitHub
  X86 version of syswhispers2 / x86 direct system call
  ☆330Jan 28, 2021Updated 5 years ago
• iammaguire / MeetC2

  View on GitHub
  Modular C2 framework aiming to ease post exploitation for red teamers.
  ☆193May 22, 2022Updated 3 years ago
• yuawn / NTU-Computer-Security

  View on GitHub
  台大 計算機安全 - Pwn 簡報、影片、作業題目與解法 - Computer Security Fall 2019 @ CSIE NTU Taiwan
  ☆397Nov 28, 2021Updated 4 years ago
• aaaddress1 / wowGrail

  View on GitHub
  PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
  ☆109May 27, 2021Updated 4 years ago
• NoOne-hub / Beacon.dll

  View on GitHub
  Beacon.dll reverse
  ☆141Sep 5, 2021Updated 4 years ago
• LloydLabs / delete-self-poc

  View on GitHub
  A way to delete a locked file, or current running executable, on disk.
  ☆616Nov 5, 2025Updated 3 months ago
• xuanxuan0 / DripLoader

  View on GitHub
  Evasive shellcode loader for bypassing event-based injection detection (PoC)
  ☆822Aug 23, 2021Updated 4 years ago
• aahmad097 / AlternativeShellcodeExec

  View on GitHub
  Alternative Shellcode Execution Via Callbacks
  ☆1,696Nov 11, 2022Updated 3 years ago
• ZanderChang / anti-sandbox

  View on GitHub
  Windows对抗沙箱和虚拟机的方法总结
  ☆402Apr 22, 2020Updated 5 years ago
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆581Mar 8, 2024Updated last year
• nettitude / RunPE

  View on GitHub
  C# Reflective loader for unmanaged binaries.
  ☆447Jan 25, 2023Updated 3 years ago
• mai1zhi2 / ShellCodeFramework

  View on GitHub
  绕3环的shellcode免杀框架
  ☆574Mar 19, 2021Updated 4 years ago
• Mr-Un1k0d3r / EDRs

  View on GitHub
  ☆2,169Feb 21, 2023Updated 2 years ago
• hlldz / RefleXXion

  View on GitHub
  RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …
  ☆502Jan 25, 2022Updated 4 years ago
• xuanxuan0 / TiEtwAgent

  View on GitHub
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆298Apr 10, 2021Updated 4 years ago
• Yaxser / COFFLoader2

  View on GitHub
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆226Sep 13, 2022Updated 3 years ago
• kazmatw / AngelBoy-Windows-Binary-Exploitation-Note

  View on GitHub
  這份筆記是關於 Angelboy 2022 年在臺灣好厲駭開的 Windows Binary Exploitation 課程，內含個人撰寫的解題腳本、課堂筆記、以及自行設計的課堂練習題和架設腳本
  ☆87Nov 20, 2024Updated last year
• med0x2e / SigFlip

  View on GitHub
  SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
  ☆1,253Aug 27, 2023Updated 2 years ago
• splitline / My-CTF-Challenges

  View on GitHub
  🏴 🏴 🏴
  ☆106Aug 28, 2025Updated 5 months ago
• u1f383 / Software-Security-2021-2022

  View on GitHub
  2021 交大程式安全 binary exploit 課程教材
  ☆302Jun 4, 2024Updated last year
• Cr4sh / MicroBackdoor

  View on GitHub
  Small and convenient C2 tool for Windows targets
  ☆612Mar 8, 2022Updated 3 years ago
• ChaitanyaHaritash / Callback_Shellcode_Injection

  View on GitHub
  POCs for Shellcode Injection via Callbacks
  ☆411Feb 23, 2021Updated 4 years ago
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆283Sep 18, 2021Updated 4 years ago
• aaaddress1 / RunPE-In-Memory

  View on GitHub
  Run a Exe File (PE Module) in memory (like an Application Loader)
  ☆937Mar 28, 2021Updated 4 years ago
• Rvn0xsy / Cooolis-ms

  View on GitHub
  Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具，它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的…
  ☆929Jan 7, 2026Updated last month
• joshfaust / Alaris

  View on GitHub
  A protective and Low Level Shellcode Loader that defeats modern EDR systems.
  ☆917Mar 20, 2024Updated last year
• Hzllaga / JsLoader

  View on GitHub
  js免杀shellcode，绕过杀毒添加自启
  ☆356Mar 16, 2021Updated 4 years ago
• paranoidninja / PIC-Get-Privileges

  View on GitHub
  Building and Executing Position Independent Shellcode from Object Files in Memory
  ☆166Jan 30, 2021Updated 5 years ago
• hasherezade / pe_to_shellcode

  View on GitHub
  Converts PE into a shellcode
  ☆2,734Aug 30, 2025Updated 5 months ago
• kyleavery / inject-assembly

  View on GitHub
  Inject .NET assemblies into an existing process
  ☆508Jan 19, 2022Updated 4 years ago
• 0xpat / COFFInjector

  View on GitHub
  PoC MSVC COFF Object file loader/injector.
  ☆186Mar 19, 2021Updated 4 years ago