Alternatives and similar repositories for L1LKiller

Users that are interested in L1LKiller are comparing it to the libraries listed below

• brosck / Rebellion

  View on GitHub
  「⚔️」Ring 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.x
  ☆27Apr 10, 2025Updated 10 months ago
• redr0nin / Serenity

  View on GitHub
  C# DInvoke Shellcode Runner
  ☆31Feb 10, 2025Updated last year
• brosck / Frosty

  View on GitHub
  「🧊」Ring 3 Rootkit for Windows 10
  ☆60Dec 7, 2024Updated last year
• brosck / Reaper

  View on GitHub
  「💀」Proof of concept on BYOVD attack
  ☆165Dec 7, 2024Updated last year
• brosck / APIHookingDetector

  View on GitHub
  「⚙️」Detect which native Windows API's (NtAPI) are being hooked
  ☆39Dec 7, 2024Updated last year
• casp3r0x0 / CortexRansomBypass

  View on GitHub
  Cortex EDR Ransomware protection Bypass
  ☆25Feb 8, 2025Updated last year
• S3N4T0R-0X0 / Hunter

  View on GitHub
  Охотник (Hunter) is a simple Adversary Simulation tool developed for achieves stealth through API unhooking, direct and indirect syscalls…
  ☆91Apr 23, 2025Updated 9 months ago
• 0xRedpoll / SignalKeyBOF

  View on GitHub
  BOF to decrypt Signal Desktop chat logs
  ☆72Feb 20, 2025Updated 11 months ago
• yehia-mamdouh / ZeroProbe

  View on GitHub
  ZeroProbe is an advanced enumeration and analysis framework designed for exploit developers, security researchers, and red teamers. It pr…
  ☆106Mar 10, 2025Updated 11 months ago
• whokilleddb / BoosterDriver

  View on GitHub
  A step-by-step walkthrough of how to write a Client and a Driver to communicate with each other and boost the priority of a thread.
  ☆17Dec 12, 2023Updated 2 years ago
• EspressoCake / cIdentifyServiceDependencies_BOF

  View on GitHub
  Beacon Object File (BOF) for identifying dependent child services of a given parent.
  ☆18Jun 20, 2025Updated 7 months ago
• MatheuZSecurity / Simple-BufferOverflow

  View on GitHub
  A simple C program to demonstrate a Buffer Overflow.
  ☆12Jul 31, 2021Updated 4 years ago
• Pwnd4 / DefenseEvasion

  View on GitHub
  Bypassing AV, EDR, Application Whitelisting and ASR Rules
  ☆13Apr 18, 2023Updated 2 years ago
• dmcxblue / PyObscura

  View on GitHub
  A python script that automates a C2 Profile build
  ☆48Dec 14, 2025Updated 2 months ago
• ferreiraklet / icmp_reverse_shell

  View on GitHub
  ☆44Dec 11, 2022Updated 3 years ago
• rasta-mouse / process-inject-kit

  View on GitHub
  Port of Cobalt Strike's Process Inject Kit
  ☆190Dec 1, 2024Updated last year
• ViperXSecurity / lib-nosa

  View on GitHub
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆120Sep 8, 2024Updated last year
• thalpius / Microsoft-Defender-for-Identity-Encrypted-Password

  View on GitHub
  ☆36May 27, 2024Updated last year
• ferreiraklet / wolfy

  View on GitHub
  Wolfy AV Bypasser
  ☆29Feb 8, 2023Updated 3 years ago
• Abdelrahme / WinLogHunt

  View on GitHub
  ☆22Aug 16, 2025Updated 5 months ago
• susMdT / SharpIndirectSyscalls

  View on GitHub
  ☆11Feb 12, 2023Updated 3 years ago
• Idov31 / talks-and-publications

  View on GitHub
  Released presentations of my talks + code that used during these talks
  ☆15Sep 5, 2024Updated last year
• MatheuZSecurity / NullSection

  View on GitHub
  NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes.
  ☆67Jan 20, 2024Updated 2 years ago
• jfmaes / DeepSleep

  View on GitHub
  all credits go to @mgeeky
  ☆64Oct 14, 2021Updated 4 years ago
• rbmm / Hollowed-Process

  View on GitHub
  ☆30Aug 24, 2025Updated 5 months ago
• 0x3rhy / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆13Feb 4, 2024Updated 2 years ago
• Tylous / Dent

  View on GitHub
  A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
  ☆15Apr 4, 2023Updated 2 years ago
• The-Viper-One / Invoke-PassTheCert

  View on GitHub
  Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆59Apr 13, 2025Updated 10 months ago
• Workingdaturah / Payload-Generator

  View on GitHub
  An aggressor script that can help automate payload building in Cobalt Strike
  ☆118Jan 22, 2024Updated 2 years ago
• ph4nt0mbyt3 / Darkside

  View on GitHub
  C# AV/EDR Killer using less-known driver (BYOVD)
  ☆185Nov 10, 2023Updated 2 years ago
• Tylous / File-Smuggling

  View on GitHub
  HTML smuggling is not an evil, it can be useful
  ☆14Jan 28, 2023Updated 3 years ago
• totekuh / eternalblue

  View on GitHub
  MS17-010 scanner / exploit
  ☆13Jan 5, 2020Updated 6 years ago
• helviojunior / enumdns

  View on GitHub
  EnumDNS is a modular DNS reconnaissance tool capable of resolving hosts from various sources, including wordlists, BloodHound files, and …
  ☆20Jan 26, 2026Updated 2 weeks ago
• casp3r0x0 / CallWindowProcW-ShellcodeLoader

  View on GitHub
  ☆18Sep 1, 2025Updated 5 months ago
• 0xTriboulet / T-70

  View on GitHub
  A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system
  ☆40Oct 30, 2024Updated last year
• Hackcraft-Labs / SharpShares

  View on GitHub
  Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
  ☆34Nov 13, 2023Updated 2 years ago
• HackerHermanos / C2_INFRA_WORKSHOP_DEFCON32_RED_TEAM_VILLAGE

  View on GitHub
  C2 Infrastructure Automation
  ☆118Jun 21, 2025Updated 7 months ago
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆271Apr 17, 2023Updated 2 years ago
• infermiere / tg-rat

  View on GitHub
  🙊 Advanced Rat controllable by a telegram bot with many commands and functions.
  ☆17Jun 19, 2024Updated last year