Alternatives and similar repositories for bds_userland

Users that are interested in bds_userland are comparing it to the libraries listed below

• killvxk / awesome_shell_loaders
  shellcode-loaders and beacon-loaders
  ☆64Updated last year
• aplyc1a / PEMemoryLoader
  Load static-compiled PE from remote server.
  ☆62Updated 3 years ago
• ASkyeye / FilelessRemotePE
  Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique
  ☆63Updated 2 years ago
• hid3rx / GhostWriting
  ☆30Updated last year
• evilashz / PigSyscall
  An implementation of an indirect system call
  ☆127Updated last year
• dk0m / ZeroCrumb
  Dumping App Bound Protected Credentials & Cookies Without Privileges.
  ☆40Updated last week
• S12cybersecurity / S12URootkit
  User Mode Windows Rootkit
  ☆63Updated last year
• XaFF-XaFF / ZwProcessHollowing
  ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption
  ☆85Updated 2 years ago
• waawaa / breakcyserver
  ☆49Updated 2 years ago
• Crowdfense / CVE-2024-21338
  Windows AppLocker Driver (appid.sys) LPE
  ☆60Updated 10 months ago
• raykaryshyn / FakeTLS
  Client/server code that impersonates TLS 1.3 to disguise C2 activity.
  ☆69Updated 2 years ago
• Meowmycks / etwunhook
  Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.
  ☆47Updated last year
• WKL-Sec / StackMask
  A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
  ☆64Updated 2 years ago
• 0xlane / process_ghosting
  ProcessGhosting 技术的 rust 实现版本
  ☆25Updated 7 months ago
• fortra / CVE-2022-37969
  Windows LPE exploit for CVE-2022-37969
  ☆134Updated last year
• arsium / PELoader
  ☆20Updated last year
• ldpreload / werkernel
  Windows LPE Nday
  ☆26Updated last year
• bopin2020 / WindowsCamp
  Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&
  ☆55Updated 3 weeks ago
• bestspear / ReBeacon_ForClang
  Beacon compiled using clang
  ☆69Updated 2 years ago
• jseclab / obj2shellcode
  shellcode生成框架
  ☆86Updated 10 months ago
• qwqdanchun / RainbowSheep
  Change hash for a signed pe
  ☆16Updated last year
• Vasco0x4 / ShadeLoader
  ShadeLoader is a shellcode loader designed to bypass most antivirus software. 壳代码, 杀毒软件, 绕过
  ☆40Updated 2 weeks ago
• ProcessusT / SharpVenoma
  CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
  ☆45Updated last year
• capt-meelo / KernelCallbackTable-Injection
  Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
  ☆126Updated 3 years ago
• aaaddress1 / wowGrail
  PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
  ☆106Updated 4 years ago
• zha0gongz1 / weakenDefenderPriv
  Without closing windows defender, to make defender useless by removing its token privileges and lowering the token integrity.
  ☆32Updated 3 years ago
• su1s / encryptor
  Windows shellcode encoding and encrypting tool
  ☆21Updated 3 years ago
• Crypt0s / Ekko_CFG_Bypass
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆103Updated 2 years ago
• timwhitez / Doge-sRDI
  Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode
  ☆60Updated 4 years ago
• 0x00Check / Amaterasu
  Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Pr…
  ☆72Updated last year