ameenalkerdy/ETWShellcodeLoader external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ameenalkerdy/ETWShellcodeLoader

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ameenalkerdy/ETWShellcodeLoader)

Close

ameenalkerdy / ETWShellcodeLoaderView on GitHubMore

• External links
• Readme badge

Shellcode Loader Utilizing ETW Events

☆67Feb 26, 2025Updated last year

Alternatives and similar repositories for ETWShellcodeLoader

Users that are interested in ETWShellcodeLoader are comparing it to the libraries listed below

• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆104Feb 25, 2025Updated last year
• nbaertsch / PoolProxy

  View on GitHub
  Proxy function calls through the thread pool with ease
  ☆31Feb 27, 2025Updated last year
• racoten / BetterNetLoader

  View on GitHub
  A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints
  ☆121Jul 11, 2025Updated 7 months ago
• rbmm / RtlClone

  View on GitHub
  ☆42Feb 18, 2025Updated last year
• Kryp7os / SharpRBCD

  View on GitHub
  An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD
  ☆49Mar 10, 2025Updated 11 months ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• dmcxblue / NtCreateUserProcessBOF

  View on GitHub
  An Aggressor Script that utilizes NtCreateUserProcess to run binaries
  ☆30Jan 30, 2025Updated last year
• senzee1984 / MutationGate

  View on GitHub
  Use hardware breakpoint to dynamically change SSN in run-time
  ☆279Apr 10, 2024Updated last year
• Teach2Breach / pool_party_rs

  View on GitHub
  remote process injections using pool party techniques
  ☆70Jun 29, 2025Updated 7 months ago
• ricardojoserf / BOF_Files

  View on GitHub
  Repository to gather the BOF files I will be developing
  ☆11Oct 1, 2024Updated last year
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆225Oct 30, 2025Updated 3 months ago
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆17Jun 18, 2022Updated 3 years ago
• 0xHossam / HuffLoader

  View on GitHub
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆281Apr 6, 2025Updated 10 months ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• silentwarble / Hannibal

  View on GitHub
  Mythic C2 Agent written in x64 PIC C
  ☆84Jan 29, 2025Updated last year
• 0xHossam / KernelCallbackTable-Injection-PoC

  View on GitHub
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆270Oct 31, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆281Sep 18, 2024Updated last year
• casp3r0x0 / PolymorphicSignature

  View on GitHub
  A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.
  ☆17Feb 3, 2025Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆325Apr 12, 2024Updated last year
• hasherezade / waiting_thread_hijacking

  View on GitHub
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆263Aug 31, 2025Updated 5 months ago
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆334Mar 6, 2025Updated 11 months ago
• 0xRedpoll / WhatsAppKeyBOF

  View on GitHub
  A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.
  ☆88Mar 2, 2025Updated 11 months ago
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆195Nov 27, 2024Updated last year
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• V-i-x-x / kernel-callback-removal

  View on GitHub
  kernel callback removal (Bypassing EDR Detections)
  ☆211Nov 14, 2025Updated 3 months ago
• klezVirus / koppeling-p

  View on GitHub
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆79Aug 5, 2024Updated last year
• nbaertsch / Shrike

  View on GitHub
  Hunting and injecting RWX 'mockingjay' DLLs in pure nim
  ☆59Dec 11, 2024Updated last year
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆59Mar 17, 2025Updated 11 months ago
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆137Apr 6, 2025Updated 10 months ago
• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆256Oct 16, 2024Updated last year
• Teach2Breach / hollow_rs

  View on GitHub
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆31Feb 7, 2025Updated last year
• vxCrypt0r / AMSI_VEH

  View on GitHub
  A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
  ☆168May 30, 2024Updated last year
• icyguider / LatLoader

  View on GitHub
  PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
  ☆307Dec 9, 2023Updated 2 years ago
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• m4ul3r / writing_nimless

  View on GitHub
  Writing Nimless Nim - Slides and source for BSIDESKC 2024 talk.
  ☆85Jul 11, 2025Updated 7 months ago
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆237Nov 7, 2024Updated last year
• CICADA8-Research / COMThanasia

  View on GitHub
  A set of programs for analyzing common vulnerabilities in COM
  ☆246Sep 8, 2024Updated last year