bytecode77/living-off-the-land external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

bytecode77/living-off-the-land

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/bytecode77/living-off-the-land)

Close

bytecode77 / living-off-the-landView on GitHubMore

• External links
• Readme badge

Fileless attack with persistence

☆370Jun 28, 2025Updated 8 months ago

Alternatives and similar repositories for living-off-the-land

Users that are interested in living-off-the-land are comparing it to the libraries listed below

• bytecode77 / pe-union

  View on GitHub
  Crypter, binder & downloader with native & .NET stub, evasive by design, user friendly UI
  ☆735Jun 28, 2025Updated 8 months ago
• bytecode77 / r77-rootkit

  View on GitHub
  Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
  ☆2,103Feb 19, 2026Updated 2 weeks ago
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• ZeroMemoryEx / Chaos-Rootkit

  View on GitHub
  Now You See Me, Now You Don't
  ☆1,027Jan 23, 2026Updated last month
• bytecode77 / self-morphing-csharp-binary

  View on GitHub
  Executable that mutates its own code
  ☆392Jun 28, 2025Updated 8 months ago
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆604Apr 19, 2023Updated 2 years ago
• bytecode77 / component-services-privilege-escalation

  View on GitHub
  Component Services Volatile Environment LPE
  ☆12Jun 28, 2025Updated 8 months ago
• outflanknl / Dumpert

  View on GitHub
  LSASS memory dumper using direct system calls and API unhooking.
  ☆1,576Jan 5, 2021Updated 5 years ago
• 3xpl01tc0d3r / ProcessInjection

  View on GitHub
  This program is designed to demonstrate various process injection techniques
  ☆1,227Aug 7, 2025Updated 7 months ago
• eversinc33 / Banshee

  View on GitHub
  Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
  ☆591Aug 2, 2025Updated 7 months ago
• bytecode77 / taskmgr-privilege-escalation

  View on GitHub
  TaskMgr Volatile Environment LPE
  ☆16Jun 28, 2025Updated 8 months ago
• xuanxuan0 / DripLoader

  View on GitHub
  Evasive shellcode loader for bypassing event-based injection detection (PoC)
  ☆822Aug 23, 2021Updated 4 years ago
• bytecode77 / display-languages-privilege-escalation

  View on GitHub
  Display Languages Volatile Environment LPE
  ☆12Jun 28, 2025Updated 8 months ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆779Jan 26, 2026Updated last month
• Cracked5pider / KaynLdr

  View on GitHub
  KaynLdr is a Reflective Loader written in C/ASM
  ☆553Dec 3, 2023Updated 2 years ago
• phra / PEzor

  View on GitHub
  Open-Source Shellcode & PE Packer
  ☆2,071Feb 3, 2024Updated 2 years ago
• aaaddress1 / sakeInject

  View on GitHub
  Windows PE - TLS (Thread Local Storage) Injector in C/C++
  ☆109Jan 3, 2021Updated 5 years ago
• CognisysGroup / SweetDreams

  View on GitHub
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆225Jul 25, 2023Updated 2 years ago
• 0xthirteen / SharpStay

  View on GitHub
  .NET project for installing Persistence
  ☆498Jun 26, 2024Updated last year
• mgeeky / ShellcodeFluctuation

  View on GitHub
  An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…
  ☆1,092Jun 17, 2022Updated 3 years ago
• mgeeky / ProtectMyTooling

  View on GitHub
  Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts wa…
  ☆1,056Oct 14, 2025Updated 4 months ago
• aaaddress1 / Skrull

  View on GitHub
  Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t…
  ☆456Oct 25, 2021Updated 4 years ago
• CCob / SharpBlock

  View on GitHub
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,163Mar 31, 2021Updated 4 years ago
• Idov31 / Nidhogg

  View on GitHub
  Nidhogg is an all-in-one simple to use windows kernel rootkit.
  ☆2,276Feb 15, 2026Updated 3 weeks ago
• RedCursorSecurityConsulting / PPLKiller

  View on GitHub
  Tool to bypass LSA Protection (aka Protected Process Light)
  ☆989Dec 4, 2022Updated 3 years ago
• icyguider / Shhhloader

  View on GitHub
  Syscall Shellcode Loader (Work in Progress)
  ☆1,258May 8, 2024Updated last year
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,602Jul 31, 2024Updated last year
• trickster0 / TartarusGate

  View on GitHub
  TartarusGate, Bypassing EDRs
  ☆653Jan 25, 2022Updated 4 years ago
• kleiton0x00 / Shelltropy

  View on GitHub
  A technique of hiding malicious shellcode via Shannon encoding.
  ☆264Oct 23, 2022Updated 3 years ago
• forrest-orr / phantom-dll-hollower-poc

  View on GitHub
  Phantom DLL hollowing PoC
  ☆371May 23, 2022Updated 3 years ago
• am0nsec / HellsGate

  View on GitHub
  Original C Implementation of the Hell's Gate VX Technique
  ☆1,163Jun 28, 2021Updated 4 years ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆684Mar 11, 2024Updated last year
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆677Aug 15, 2025Updated 6 months ago
• med0x2e / SigFlip

  View on GitHub
  SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
  ☆1,255Aug 27, 2023Updated 2 years ago
• D4stiny / spectre

  View on GitHub
  A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
  ☆722Aug 5, 2020Updated 5 years ago
• rbmm / Hollowed-Process

  View on GitHub
  ☆29Aug 24, 2025Updated 6 months ago
• georgesotiriadis / Chimera

  View on GitHub
  Automated DLL Sideloading Tool With EDR Evasion Capabilities
  ☆505Dec 19, 2023Updated 2 years ago
• joshfaust / Alaris

  View on GitHub
  A protective and Low Level Shellcode Loader that defeats modern EDR systems.
  ☆917Mar 20, 2024Updated last year
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,006Jun 4, 2024Updated last year