ameenalkerdy/ETWShellcodeLoader external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ameenalkerdy/ETWShellcodeLoader

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ameenalkerdy/ETWShellcodeLoader)

Close

ameenalkerdy / ETWShellcodeLoaderView on GitHubMore

• External links
• Readme badge

Shellcode Loader Utilizing ETW Events

☆66Feb 26, 2025Updated last year

Alternatives and similar repositories for ETWShellcodeLoader

Users that are interested in ETWShellcodeLoader are comparing it to the libraries listed below

• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆104Feb 25, 2025Updated last year
• nbaertsch / PoolProxy

  View on GitHub
  Proxy function calls through the thread pool with ease
  ☆31Feb 27, 2025Updated last year
• racoten / BetterNetLoader

  View on GitHub
  A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints
  ☆125Jul 11, 2025Updated 8 months ago
• rbmm / RtlClone

  View on GitHub
  ☆42Feb 18, 2025Updated last year
• Kryp7os / SharpRBCD

  View on GitHub
  An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD
  ☆49Mar 10, 2025Updated last year
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆17Jun 18, 2022Updated 3 years ago
• dmcxblue / NtCreateUserProcessBOF

  View on GitHub
  An Aggressor Script that utilizes NtCreateUserProcess to run binaries
  ☆30Jan 30, 2025Updated last year
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆233Oct 30, 2025Updated 4 months ago
• ricardojoserf / BOF_Files

  View on GitHub
  Repository to gather the BOF files I will be developing
  ☆11Oct 1, 2024Updated last year
• nbaertsch / Shrike

  View on GitHub
  Hunting and injecting RWX 'mockingjay' DLLs in pure nim
  ☆60Dec 11, 2024Updated last year
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆326Apr 12, 2024Updated last year
• 0xHossam / KernelCallbackTable-Injection-PoC

  View on GitHub
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆271Oct 31, 2024Updated last year
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆335Mar 6, 2025Updated last year
• 0xHossam / HuffLoader

  View on GitHub
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆283Apr 6, 2025Updated 11 months ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• 0xRedpoll / WhatsAppKeyBOF

  View on GitHub
  A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.
  ☆87Mar 2, 2025Updated last year
• senzee1984 / MutationGate

  View on GitHub
  Use hardware breakpoint to dynamically change SSN in run-time
  ☆280Apr 10, 2024Updated last year
• hasherezade / waiting_thread_hijacking

  View on GitHub
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆264Aug 31, 2025Updated 6 months ago
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆195Nov 27, 2024Updated last year
• m4ul3r / writing_nimless

  View on GitHub
  Writing Nimless Nim - Slides and source for BSIDESKC 2024 talk.
  ☆85Jul 11, 2025Updated 8 months ago
• rbmm / SC

  View on GitHub
  shell code example
  ☆68Dec 12, 2025Updated 3 months ago
• Teach2Breach / pool_party_rs

  View on GitHub
  remote process injections using pool party techniques
  ☆70Jun 29, 2025Updated 8 months ago
• Teach2Breach / hollow_rs

  View on GitHub
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆31Feb 7, 2025Updated last year
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆384Dec 13, 2024Updated last year
• silentwarble / Hannibal

  View on GitHub
  Mythic C2 Agent written in x64 PIC C
  ☆84Jan 29, 2025Updated last year
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• CICADA8-Research / TypeLibWalker

  View on GitHub
  TypeLib persistence technique
  ☆141Oct 22, 2024Updated last year
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆268Apr 8, 2025Updated 11 months ago
• klezVirus / koppeling-p

  View on GitHub
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆79Aug 5, 2024Updated last year
• cpu0x00 / EternelSuspention

  View on GitHub
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆39Jul 12, 2024Updated last year
• casp3r0x0 / PolymorphicSignature

  View on GitHub
  A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.
  ☆17Feb 3, 2025Updated last year
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• V-i-x-x / kernel-callback-removal

  View on GitHub
  kernel callback removal (Bypassing EDR Detections)
  ☆210Nov 14, 2025Updated 4 months ago
• Friends-Security / RedirectThread

  View on GitHub
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆199Jun 17, 2025Updated 9 months ago
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆200Apr 21, 2025Updated 10 months ago
• xforcered / BOFMask

  View on GitHub
  ☆128Jun 28, 2023Updated 2 years ago