c2pain/RustPatchlessCLRLoader external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

c2pain/RustPatchlessCLRLoader

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/c2pain/RustPatchlessCLRLoader)

Close

c2pain / RustPatchlessCLRLoaderView on GitHubMore

• External links
• Readme badge

.NET assembly loader with patchless AMSI and ETW bypass in Rust

☆58Oct 9, 2024Updated last year

Alternatives and similar repositories for RustPatchlessCLRLoader

Users that are interested in RustPatchlessCLRLoader are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• c2pain / RC4_Encryptor

  View on GitHub
  Encrypt any C# binary or bin file
  ☆12Aug 1, 2024Updated last year
• alexlee820 / PatchedCLRLoader

  View on GitHub
  .NET assembly loader with patching AMSI and ETW bypass
  ☆33Apr 16, 2025Updated last year
• c2pain / RustBird

  View on GitHub
  Early Bird APC Injection in Rust
  ☆64Oct 9, 2024Updated last year
• casp3r0x0 / CortexRansomBypass

  View on GitHub
  Cortex EDR Ransomware protection Bypass
  ☆27Feb 8, 2025Updated last year
• safedv / RustVEHSyscalls

  View on GitHub
  A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
  ☆164Oct 31, 2024Updated last year
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• san6051 / TeamsCh-Shell

  View on GitHub
  ☆39Mar 31, 2025Updated last year
• andreisss / Ghosting-AMSI

  View on GitHub
  Ghosting-AMSI
  ☆235Apr 24, 2025Updated last year
• silentEAG / RedTeamOps

  View on GitHub
  Use Rust to implement some Red Team techniques :)
  ☆13Nov 11, 2024Updated last year
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆379Apr 19, 2023Updated 3 years ago
• Whitecat18 / earlycascade-injection

  View on GitHub
  Early cascade injection PoC based on Outflanks blog post written in Rust
  ☆67Dec 26, 2025Updated 4 months ago
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆284Apr 17, 2023Updated 3 years ago
• MrAle98 / CVE-2024-49138-POC

  View on GitHub
  POC exploit for CVE-2024-49138
  ☆268Feb 14, 2025Updated last year
• V-i-x-x / kernel-callback-removal

  View on GitHub
  kernel callback removal (Bypassing EDR Detections)
  ☆216Nov 14, 2025Updated 5 months ago
• mallo-m / AxiomDumper

  View on GitHub
  Lsass dumper evading (all ?) EDR detection
  ☆54Nov 10, 2025Updated 5 months ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• 0xNinjaCyclone / EarlyCascade

  View on GitHub
  A PoC for Early Cascade process injection technique.
  ☆216Jan 30, 2025Updated last year
• redr0nin / CVE-2024-38143

  View on GitHub
  Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
  ☆24Feb 5, 2025Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆197Feb 6, 2025Updated last year
• dobin / waasa

  View on GitHub
  Windows Application Attack Surface Analyzer
  ☆24Feb 22, 2024Updated 2 years ago
• Teach2Breach / hollow_rs

  View on GitHub
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆31Feb 7, 2025Updated last year
• BlackSnufkin / Rusty-Playground

  View on GitHub
  Some Rust program I wrote while learning Malware Development
  ☆161Feb 4, 2025Updated last year
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆217Oct 19, 2024Updated last year
• joaoviictorti / coffeeldr

  View on GitHub
  A COFF Loader written in Rust
  ☆141Dec 1, 2025Updated 5 months ago
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆551May 9, 2025Updated 11 months ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• warpnet / MS-RPC-Fuzzer

  View on GitHub
  Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By f…
  ☆329Oct 20, 2025Updated 6 months ago
• joaoviictorti / runas

  View on GitHub
  Rust crate to run commands as another user
  ☆56Feb 12, 2026Updated 2 months ago
• 0xdea / blindsight

  View on GitHub
  Red teaming tool to dump LSASS memory, bypassing basic countermeasures.
  ☆247Mar 9, 2026Updated last month
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆269Apr 8, 2025Updated last year
• coffeegist / bofhound

  View on GitHub
  Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
  ☆382Updated this week
• djackreuter / proc_noprocdump

  View on GitHub
  Dump LSASS by spoofing command line arguments to procdump.
  ☆20Oct 21, 2024Updated last year
• synacktiv / kcmdump

  View on GitHub
  Dump Kerberos tickets from the KCM database of SSSD
  ☆57Dec 31, 2025Updated 4 months ago
• nicholasvg / RunPE-Process-Hollowing-GO

  View on GitHub
  Thanks to @d35ha
  ☆13Aug 16, 2021Updated 4 years ago
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆241Nov 7, 2024Updated last year
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• EricEsquivel / Inline-EA

  View on GitHub
  Cobalt Strike BOF for evasive .NET assembly execution
  ☆317Mar 31, 2025Updated last year
• ANYLNK / NSecSoftBYOVD

  View on GitHub
  NSecSoftBYOVD POC
  ☆58Feb 12, 2026Updated 2 months ago
• ASkyeye / AB

  View on GitHub
  Cs-Sleep-Mask-Fiber
  ☆18May 16, 2025Updated 11 months ago
• cybersectroll / TrollAMSI

  View on GitHub
  ☆188Jun 14, 2025Updated 10 months ago
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated last year
• uf0o / Counterfeit_Object_Oriented_Programming_COOP

  View on GitHub
  ☆20Oct 15, 2024Updated last year
• ajm4n / DLLHound

  View on GitHub
  Find potential DLL Sideloads on your windows computer
  ☆220Jan 12, 2025Updated last year