c2pain/RustPatchlessCLRLoader external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

c2pain/RustPatchlessCLRLoader

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/c2pain/RustPatchlessCLRLoader)

Close

c2pain / RustPatchlessCLRLoaderView on GitHubMore

• External links
• Readme badge

.NET assembly loader with patchless AMSI and ETW bypass in Rust

☆58Oct 9, 2024Updated last year

Alternatives and similar repositories for RustPatchlessCLRLoader

Users that are interested in RustPatchlessCLRLoader are comparing it to the libraries listed below

• c2pain / RC4_Encryptor

  View on GitHub
  Encrypt any C# binary or bin file
  ☆12Aug 1, 2024Updated last year
• alexlee820 / PatchedCLRLoader

  View on GitHub
  .NET assembly loader with patching AMSI and ETW bypass
  ☆31Apr 16, 2025Updated 10 months ago
• c2pain / RustBird

  View on GitHub
  Early Bird APC Injection in Rust
  ☆63Oct 9, 2024Updated last year
• safedv / RustVEHSyscalls

  View on GitHub
  A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
  ☆161Oct 31, 2024Updated last year
• silentEAG / RedTeamOps

  View on GitHub
  Use Rust to implement some Red Team techniques :)
  ☆13Nov 11, 2024Updated last year
• casp3r0x0 / CortexRansomBypass

  View on GitHub
  Cortex EDR Ransomware protection Bypass
  ☆26Feb 8, 2025Updated last year
• dobin / waasa

  View on GitHub
  Windows Application Attack Surface Analyzer
  ☆24Feb 22, 2024Updated 2 years ago
• MrAle98 / CVE-2024-49138-POC

  View on GitHub
  POC exploit for CVE-2024-49138
  ☆267Feb 14, 2025Updated last year
• 0xNinjaCyclone / EarlyCascade

  View on GitHub
  A PoC for Early Cascade process injection technique.
  ☆211Jan 30, 2025Updated last year
• Teach2Breach / hollow_rs

  View on GitHub
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆31Feb 7, 2025Updated last year
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆368Apr 19, 2023Updated 2 years ago
• Whitecat18 / earlycascade-injection

  View on GitHub
  Early cascade injection PoC based on Outflanks blog post written in Rust
  ☆68Dec 26, 2025Updated 2 months ago
• mallo-m / AxiomDumper

  View on GitHub
  Lsass dumper evading (all ?) EDR detection
  ☆49Nov 10, 2025Updated 3 months ago
• V-i-x-x / kernel-callback-removal

  View on GitHub
  kernel callback removal (Bypassing EDR Detections)
  ☆211Nov 14, 2025Updated 3 months ago
• djackreuter / proc_noprocdump

  View on GitHub
  Dump LSASS by spoofing command line arguments to procdump.
  ☆20Oct 21, 2024Updated last year
• joaoviictorti / coffeeldr

  View on GitHub
  A COFF Loader written in Rust
  ☆138Dec 1, 2025Updated 3 months ago
• BlackSnufkin / Rusty-Playground

  View on GitHub
  Some Rust program I wrote while learning Malware Development
  ☆158Feb 4, 2025Updated last year
• andreisss / Ghosting-AMSI

  View on GitHub
  Ghosting-AMSI
  ☆224Apr 24, 2025Updated 10 months ago
• redr0nin / CVE-2024-38143

  View on GitHub
  Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
  ☆24Feb 5, 2025Updated last year
• EvilBytecode / Nyx-Full-Dll-Unhook

  View on GitHub
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆51May 22, 2025Updated 9 months ago
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆266Apr 8, 2025Updated 10 months ago
• ASkyeye / AB

  View on GitHub
  Cs-Sleep-Mask-Fiber
  ☆18May 16, 2025Updated 9 months ago
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆277Apr 17, 2023Updated 2 years ago
• ghostbyt3 / BYOVDFinder

  View on GitHub
  Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.
  ☆78Jul 25, 2025Updated 7 months ago
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆539May 9, 2025Updated 9 months ago
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆237Nov 7, 2024Updated last year
• coffeegist / bofhound

  View on GitHub
  Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
  ☆362Jan 29, 2026Updated last month
• praetorian-inc / nebula

  View on GitHub
  ☆9Updated this week
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆215Oct 19, 2024Updated last year
• helviojunior / hookchain

  View on GitHub
  HookChain: A new perspective for Bypassing EDR Solutions
  ☆590Jan 5, 2025Updated last year
• synacktiv / kcmdump

  View on GitHub
  Dump Kerberos tickets from the KCM database of SSSD
  ☆56Dec 31, 2025Updated 2 months ago
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆212Dec 14, 2023Updated 2 years ago
• cpu0x00 / Ghost

  View on GitHub
  Evasive shellcode loader
  ☆400Oct 17, 2024Updated last year
• EvilBytecode / Ntdll-Unhook

  View on GitHub
  Unhook Ntdll.dll, Go & C++.
  ☆33Apr 21, 2025Updated 10 months ago
• ANYLNK / NSecSoftBYOVD

  View on GitHub
  NSecSoftBYOVD POC
  ☆57Feb 12, 2026Updated 2 weeks ago
• V3ded / ToolDump-v1

  View on GitHub
  Some of my custom "tools".
  ☆28Feb 21, 2022Updated 4 years ago
• warpnet / MS-RPC-Fuzzer

  View on GitHub
  Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By f…
  ☆326Oct 20, 2025Updated 4 months ago