alexlee820/PatchedCLRLoader external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

alexlee820/PatchedCLRLoader

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/alexlee820/PatchedCLRLoader)

Close

alexlee820 / PatchedCLRLoaderView on GitHubMore

• External links
• Readme badge

.NET assembly loader with patching AMSI and ETW bypass

☆31Apr 16, 2025Updated 11 months ago

Alternatives and similar repositories for PatchedCLRLoader

Users that are interested in PatchedCLRLoader are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• c2pain / RustPatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass in Rust
  ☆58Oct 9, 2024Updated last year
• whokilleddb / funcshenanigans

  View on GitHub
  A bunch of shenanigans using functions, VEH and more
  ☆38Jun 8, 2025Updated 9 months ago
• mallo-m / AxiomDumper

  View on GitHub
  Lsass dumper evading (all ?) EDR detection
  ☆49Nov 10, 2025Updated 4 months ago
• EricEsquivel / Inline-EA

  View on GitHub
  Cobalt Strike BOF for evasive .NET assembly execution
  ☆310Mar 31, 2025Updated 11 months ago
• V-i-x-x / kernel-callback-removal

  View on GitHub
  kernel callback removal (Bypassing EDR Detections)
  ☆210Nov 14, 2025Updated 4 months ago
• 123ojp / VxLAN-Scanner

  View on GitHub
  This is a VxLAN PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion
  ☆28Jul 21, 2025Updated 8 months ago
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆301Jul 31, 2024Updated last year
• casp3r0x0 / CortexRansomBypass

  View on GitHub
  Cortex EDR Ransomware protection Bypass
  ☆27Feb 8, 2025Updated last year
• ibaiC / FriendlyFireBOF

  View on GitHub
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆57Apr 14, 2025Updated 11 months ago
• warpnet / COM-Fuzzer

  View on GitHub
  Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…
  ☆157Nov 23, 2025Updated 4 months ago
• c2pain / RC4_Encryptor

  View on GitHub
  Encrypt any C# binary or bin file
  ☆12Aug 1, 2024Updated last year
• temp43487580 / mprecon

  View on GitHub
  a small script to collect information from a management point
  ☆37Jan 19, 2026Updated 2 months ago
• safedv / RustVEHSyscalls

  View on GitHub
  A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
  ☆164Oct 31, 2024Updated last year
• Offensive-Panda / D3MPSEC

  View on GitHub
  "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…
  ☆28Sep 18, 2024Updated last year
• c2pain / RustBird

  View on GitHub
  Early Bird APC Injection in Rust
  ☆64Oct 9, 2024Updated last year
• tdeerenberg / InlineWhispers3

  View on GitHub
  Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
  ☆103Jul 9, 2025Updated 8 months ago
• Offensive-Panda / PEB_WALK_AND_API_OBFUSCATION_INJECTION

  View on GitHub
  This exploit use PEB walk technique to resolve API calls dynamically, obfuscate all API calls to perform process injection.
  ☆26Jul 26, 2024Updated last year
• strozfriedberg / EDRSilencer-BOF

  View on GitHub
  Port of the EDRSilencer tool (https://github.com/netero1010/EDRSilencer) to BOF format
  ☆33Oct 22, 2024Updated last year
• NUL0x4C / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆61May 12, 2025Updated 10 months ago
• silentEAG / RedTeamOps

  View on GitHub
  Use Rust to implement some Red Team techniques :)
  ☆13Nov 11, 2024Updated last year
• ajm4n / DLLHound

  View on GitHub
  Find potential DLL Sideloads on your windows computer
  ☆220Jan 12, 2025Updated last year
• Maldev-Academy / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆54May 12, 2025Updated 10 months ago
• OffsecDeer / TargetedTimeroast

  View on GitHub
  Tamper Active Directory user attributes to collect their hashes with MS-SNTP
  ☆65Jan 21, 2025Updated last year
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆74Sep 9, 2025Updated 6 months ago
• kleiton0x00 / RtlHijack

  View on GitHub
  Alternative Read and Write primitives using Rtl* functions the unintended way.
  ☆79Aug 25, 2025Updated 7 months ago
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆268Apr 8, 2025Updated 11 months ago
• duhirsch / MoveEdr

  View on GitHub
  Permanently disable EDRs as local admin
  ☆128Dec 19, 2025Updated 3 months ago
• Leo4j / Invoke-ShareHunter

  View on GitHub
  Enumerate the Domain for Readable and Writable Shares
  ☆23Nov 14, 2025Updated 4 months ago
• Whitecat18 / earlycascade-injection

  View on GitHub
  Early cascade injection PoC based on Outflanks blog post written in Rust
  ☆67Dec 26, 2025Updated 2 months ago
• hwbp / NTDLL-Unhook

  View on GitHub
  proper ntdll .text section unhooking via native api. unlike other unhookers this doesnt leave 2 ntdlls loaded. x86/x64/wow64 supported.
  ☆53Dec 9, 2025Updated 3 months ago
• 0xJs / BYOVD_read_write_primitive

  View on GitHub
  Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
  ☆211Aug 21, 2025Updated 7 months ago
• patrickt2017 / VEHNetLoader

  View on GitHub
  Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
  ☆50Jul 6, 2025Updated 8 months ago
• InfamousSYN / bloodhound-queries

  View on GitHub
  custom bloodhound queries and knowledge base
  ☆12Apr 16, 2024Updated last year
• HullaBrian / COMmander

  View on GitHub
  .NET tool used to enrich RPC telemetry
  ☆101Jan 24, 2026Updated 2 months ago
• WKL-Sec / docker-cobaltstrike

  View on GitHub
  Docker container for running CobaltStrike 4.7 and above
  ☆24Mar 20, 2025Updated last year
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆239Nov 7, 2024Updated last year
• captain-woof / malware-study

  View on GitHub
  My projects to understand malware development and detection. Use responsibly. I'm not responsible if you cause unauthorised damage to any…
  ☆110Jun 16, 2025Updated 9 months ago
• andreisss / Ghosting-AMSI

  View on GitHub
  Ghosting-AMSI
  ☆228Apr 24, 2025Updated 11 months ago
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆216Oct 19, 2024Updated last year