Alternatives and similar repositories for it-o

Users that are interested in it-o are comparing it to the libraries listed below

• blinkenl1ghts / donloader
  donLoader is a shellcode loader creation tool that uses donut to convert executable payloads into shellcode to evade detection on disk.
  ☆20Updated 3 years ago
• vyrus001 / ebowla-2
  reboot of https://github.com/Genetic-Malware/Ebowla in order to simplify / modernize the codebase and provide ongoing support
  ☆22Updated 3 years ago
• knavesec / EyeWitnessTheFitness
  Exactly what it sounds like, which is something rad
  ☆22Updated 2 years ago
• rvrsh3ll / SharpSSDP
  SSDP Service Discovery
  ☆17Updated 6 years ago
• ChoiSG / sNanoDumpInject
  NanoDumpInject from https://s3cur3th1ssh1t.github.io/Reflective-Dump-Tools/ , minor edits with a few syscalls
  ☆11Updated 3 years ago
• its-a-feature / loginItemManipulator
  ☆15Updated 4 years ago
• 001SPARTaN / SaltedCaramel
  Apfell implant written in C#.
  ☆8Updated 4 years ago
• shlyuz / implant_go
  Golang Shlyuz Implant Implementation
  ☆13Updated 3 weeks ago
• turekt / knockknockgo
  Pure Go rewrite of knockknock
  ☆10Updated 2 years ago
• zimnyaa / inmembof.py
  A small example of loading BOFs in Python with pure reflection
  ☆19Updated 2 years ago
• aj-code / 3gsocks
  3gsocks - a reverse connection socks5 based network pivot
  ☆10Updated 4 years ago
• sk3w / beacon-object-files
  Miscellaneous examples for use with Cobalt Strike Beacon
  ☆10Updated 4 years ago
• cedowens / JXA-Runner
  Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.
  ☆24Updated 4 years ago
• bhassani / doublepulsar
  DoublePulsar (Position-Independent) Shellcode (Windows 7 SP1 x64)
  ☆27Updated 5 years ago
• delivr-to / MailCollector
  A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM
  ☆20Updated last year
• ajpc500 / RelayRumbler
  A proof-of-concept tool that attempts to retrieve the configuration from the memory dump of an F-Secure C3 Relay executable.
  ☆18Updated 3 years ago
• Meckazin / HidingFromETW
  PoC for detecting and evading ETW detection of .Net Assembly.Load
  ☆20Updated 4 years ago
• MythicC2Profiles / httpx
  Configurable, Community driven, HTTP C2 Profile
  ☆22Updated 2 weeks ago
• xenoscr / compressedCredBandit
  A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.
  ☆19Updated 3 years ago
• hrbrmstr / go-hhhash
  #️⃣ 🕸️ 👤 HTTP Headers Hashing
  ☆13Updated last year
• audibleblink / davil
  leaking net-ntlm with webdav
  ☆25Updated 4 years ago
• jackullrich / EmulateMe
  Showing how proof-of-work can be used to evade antivirus emulators.
  ☆11Updated 6 months ago
• moloch-- / DarkLoadLibrary
  LoadLibrary for offensive operations
  ☆33Updated 3 years ago
• DominicBreuker / SliverSamples
  A collection of sample code used in some experiments with Sliver C2
  ☆13Updated 2 years ago
• zimnyaa / beepsyscall
  An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.
  ☆12Updated last year
• ChoiSG / GwisinMsi
  PoC MSI payload based on ASEC/AhnLab's blog post
  ☆23Updated 2 years ago
• skelsec / aiowinreg
  Registry hive parsing the async way
  ☆21Updated 3 months ago
• hotnops / mythic-sync
  A tool to sync mythic events with ghostwriter oplog.
  ☆13Updated 6 months ago
• warhorse / ansible-role-cobaltstrike-docker
  Ansible Cobalt Strike (Docker)
  ☆15Updated 3 years ago
• timwhitez / JmpUnhook
  Ntdll Unhooking POC
  ☆19Updated 2 years ago