Alternatives and similar repositories for Heavens-Gate

Users that are interested in Heavens-Gate are comparing it to the libraries listed below

• P4nda0s / qwb_vmnote_recompiler

  View on GitHub
  一个将 vmnote 指令集重编译成 x64 指令集的脚本，并且可以用 IDA 进行分析。
  ☆17Jul 12, 2021Updated 4 years ago
• dadas190 / Heavens-Gate-2.0

  View on GitHub
  Executes 64bit code from a 32bit process
  ☆241Jul 23, 2017Updated 8 years ago
• Kara-4search / HellgateLoader_CSharp

  View on GitHub
  Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.
  ☆18Jan 21, 2022Updated 4 years ago
• zimnyaa / inmembof.py

  View on GitHub
  A small example of loading BOFs in Python with pure reflection
  ☆19Jan 26, 2023Updated 3 years ago
• bopin2020 / WindowsCamp

  View on GitHub
  Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&
  ☆62Jan 29, 2026Updated 2 weeks ago
• aaaddress1 / wowInjector

  View on GitHub
  PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
  ☆167May 27, 2021Updated 4 years ago
• cube0x0 / ParallelSyscalls

  View on GitHub
  C# version of MDSec's ParallelSyscalls
  ☆141Jan 9, 2022Updated 4 years ago
• zimawhit3 / DynimicGhostWriting

  View on GitHub
  Windows x64 Process Injection via Ghostwriting with Dynamic Configuration
  ☆29Oct 29, 2021Updated 4 years ago
• TheWover / ModuleMonitor

  View on GitHub
  Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Inj…
  ☆42May 9, 2019Updated 6 years ago
• aaaddress1 / wowGrail

  View on GitHub
  PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
  ☆109May 27, 2021Updated 4 years ago
• HadarShahar / process-hiders

  View on GitHub
  Hides processes from the windows task manager using IAT hooking.
  ☆22Mar 30, 2021Updated 4 years ago
• waleedassar / ALPC_CLIENT_SERVER

  View on GitHub
  Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.
  ☆21Jan 25, 2022Updated 4 years ago
• SolomonSklash / netntlm

  View on GitHub
  A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP
  ☆37Jul 27, 2021Updated 4 years ago
• WBGlIl / mhydump

  View on GitHub
  ☆22Feb 19, 2021Updated 4 years ago
• pwn1sher / RTImplant

  View on GitHub
  Just another casual shellcode native loader
  ☆25Feb 3, 2022Updated 4 years ago
• A-Normal-User / Pretend_HideVirtualMemory

  View on GitHub
  利用物理内存映射，实现虚拟内存的伪隐藏
  ☆86Sep 15, 2022Updated 3 years ago
• SimonZhong2025 / Waste-Self-Rescue-Scheme

  View on GitHub
  废物自救项目！一起向光而行！！！
  ☆11May 7, 2022Updated 3 years ago
• o1mate / DLLProx

  View on GitHub
  Automatic DLL comment link generation and explaination of the DLL Proxying techniques
  ☆10Aug 19, 2021Updated 4 years ago
• jfmaes / blogposts-talks-and-tidbits

  View on GitHub
  all random stuff that dont warrant a seperate repo
  ☆12Sep 2, 2022Updated 3 years ago
• GetRektBoy724 / SharpLoadLibrary

  View on GitHub
  An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.
  ☆55Mar 3, 2022Updated 3 years ago
• trickster0 / TartarusGate

  View on GitHub
  TartarusGate, Bypassing EDRs
  ☆649Jan 25, 2022Updated 4 years ago
• mdsecactivebreach / ParallelSyscalls

  View on GitHub
  ☆169Jan 7, 2022Updated 4 years ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆682Mar 11, 2024Updated last year
• am0nsec / HellsGate

  View on GitHub
  Original C Implementation of the Hell's Gate VX Technique
  ☆1,160Jun 28, 2021Updated 4 years ago
• GetRektBoy724 / HalosUnhooker

  View on GitHub
  Halos Gate-based NTAPI Unhooker
  ☆52Apr 21, 2022Updated 3 years ago
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆149Feb 11, 2023Updated 3 years ago
• whokilleddb / A-Study-in-Obfuscation

  View on GitHub
  A Study in Obfuscation: Analyzing the effect of various techniques to bypass AV engines
  ☆45Oct 27, 2022Updated 3 years ago
• timwhitez / AddressOfEntryPoint-injection

  View on GitHub
  x64 version
  ☆36Oct 8, 2021Updated 4 years ago
• GetRektBoy724 / SharpUnhooker

  View on GitHub
  C# Based Universal API Unhooker
  ☆411Feb 18, 2022Updated 3 years ago
• EspressoCake / DLL_Version_Enumeration_BOF

  View on GitHub
  A BOF for enumerating version information for DLLs associated for a Beacon process.
  ☆16Nov 23, 2021Updated 4 years ago
• Mantraufo / Kanoninjector

  View on GitHub
  Runpe + DInvoke + Syscall
  ☆16Jun 18, 2021Updated 4 years ago
• DamonMohammadbagher / NativePayload_CBT

  View on GitHub
  NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)
  ☆118Jun 7, 2023Updated 2 years ago
• reevesrs24 / EvasiveProcessHollowing

  View on GitHub
  Evasive Process Hollowing Techniques
  ☆142Aug 16, 2020Updated 5 years ago
• EspressoCake / HandleKatz_BOF

  View on GitHub
  A BOF port of the research of @thefLinkk and @codewhitesec
  ☆100Oct 12, 2021Updated 4 years ago
• trickster0 / LdrLoadDll-Unhooking

  View on GitHub
  LdrLoadDll Unhooking
  ☆135Jan 16, 2022Updated 4 years ago
• Yaxser / COFFLoader2

  View on GitHub
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆226Sep 13, 2022Updated 3 years ago
• trickster0 / CReadMemory

  View on GitHub
  Read Memory without ReadProcessMemory for Current Process
  ☆89Feb 13, 2022Updated 4 years ago
• outflanknl / FindObjects-BOF

  View on GitHub
  A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…
  ☆275May 3, 2023Updated 2 years ago
• wumb0 / rust_bof

  View on GitHub
  Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.
  ☆282Feb 8, 2024Updated 2 years ago