cpu0x00/SharpReflectivePEInjection

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/cpu0x00/SharpReflectivePEInjection)

cpu0x00 / SharpReflectivePEInjection

reflectively load and execute PEs locally and remotely bypassing EDR hooks

☆164

Alternatives and similar repositories for SharpReflectivePEInjection

Users that are interested in SharpReflectivePEInjection are comparing it to the libraries listed below

Sorting:

pard0p / CallstackSpoofingPOC
View on GitHub
C++ self-Injecting dropper based on various EDR evasion techniques.
☆427Feb 11, 2024Updated 2 years ago
zimnyaa / noWatch
View on GitHub
Implant drop-in for EDR testing
☆147Nov 15, 2023Updated 2 years ago
Mr-Un1k0d3r / .NetConfigLoader
View on GitHub
.net config loader
☆348Nov 9, 2023Updated 2 years ago
nbaertsch / AutoAppDomainHijack
View on GitHub
Automated .NET AppDomain hijack payload generation
☆129Feb 4, 2025Updated last year
parzel / GoSleepyCrypt
View on GitHub
In-memory sleep encryption and heap encryption for Go applications through a shellcode function.
☆40Jan 14, 2024Updated 2 years ago
dmcxblue / SharpGhostTask
View on GitHub
A C# port from Invoke-GhostTask
☆120Jan 5, 2024Updated 2 years ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆680Oct 23, 2024Updated last year
netero1010 / GhostTask
View on GitHub
A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
☆614Jan 2, 2025Updated last year
S1lkys / SharpKiller
View on GitHub
Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
☆351Aug 29, 2024Updated last year
rasta-mouse / CsWhispers
View on GitHub
Source generator to add D/Invoke and indirect syscall methods to a C# project.
☆190Mar 4, 2024Updated last year
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆368Apr 19, 2023Updated 2 years ago
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆325Apr 12, 2024Updated last year
EvanMcBroom / perfect-loader
View on GitHub
Load a dynamic library from memory by modifying the native Windows loader
☆285Jun 18, 2025Updated 8 months ago
kleiton0x00 / Proxy-DLL-Loads
View on GitHub
A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
☆409Jan 11, 2026Updated last month
BlackSnufkin / NovaLdr
View on GitHub
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
☆258Jun 29, 2024Updated last year
MalwareTech / EDRception
View on GitHub
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
☆203Dec 27, 2023Updated 2 years ago
antroguy / LocklessBof
View on GitHub
Lockless BOF
☆79May 2, 2025Updated 9 months ago
ipSlav / DirtyCLR
View on GitHub
An App Domain Manager Injection DLL PoC on steroids
☆212Dec 14, 2023Updated 2 years ago
outflanknl / unmanaged-dotnet-patch
View on GitHub
Modify managed functions from unmanaged code
☆53Feb 1, 2024Updated 2 years ago
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆776Jan 26, 2026Updated last month
Bl4ckM1rror / PEAs
View on GitHub
☆60Dec 15, 2023Updated 2 years ago
icyguider / LatLoader
View on GitHub
PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
☆307Dec 9, 2023Updated 2 years ago
sokaRepo / CoercedPotatoRDLL
View on GitHub
Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
☆225Nov 23, 2023Updated 2 years ago
Cracked5pider / LdrLibraryEx
View on GitHub
A small x64 library to load dll's into memory.
☆457Nov 6, 2023Updated 2 years ago
S3cur3Th1sSh1t / Caro-Kann
View on GitHub
Encrypted shellcode Injection to avoid Kernel triggered memory scans
☆407Sep 12, 2023Updated 2 years ago
mertdas / SharpLateral
View on GitHub
Lateral Movement
☆126Nov 14, 2023Updated 2 years ago
antonioCoco / SspiUacBypass
View on GitHub
Bypassing UAC with SSPI Datagram Contexts
☆461Sep 24, 2023Updated 2 years ago
ewby / Mockingjay_BOF
View on GitHub
Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
☆158Nov 7, 2023Updated 2 years ago
ZephrFish / DynamicMSBuilder
View on GitHub
A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
☆38Dec 7, 2025Updated 2 months ago
REDMED-X / InjectKit
View on GitHub
Modified versions of the Cobalt Strike Process Injection Kit
☆106Jan 24, 2024Updated 2 years ago
naksyn / ProcessStomping
View on GitHub
A variation of ProcessOverwriting to execute shellcode on an executable's section
☆148Dec 16, 2023Updated 2 years ago
florylsk / NtRemoteLoad
View on GitHub
Remote Shellcode Injector
☆220Aug 27, 2023Updated 2 years ago
YOLOP0wn / POSTDump
View on GitHub
☆341Nov 10, 2025Updated 3 months ago
Maldev-Academy / Christmas
View on GitHub
PoC demonstrating a multi process injection chain aimed at remotely executing shellcode
☆260Jan 21, 2024Updated 2 years ago
MalwareTech / EDR-Preloader
View on GitHub
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
☆539Feb 13, 2024Updated 2 years ago
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆244Jul 2, 2024Updated last year
Octoberfest7 / Inline-Execute-PE
View on GitHub
Execute unmanaged Windows executables in CobaltStrike Beacons
☆714Mar 4, 2023Updated 2 years ago
CognisysGroup / HadesLdr
View on GitHub
Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
☆293Jul 15, 2023Updated 2 years ago
florylsk / ExecIT
View on GitHub
Execute shellcode files with rundll32
☆216Jan 28, 2024Updated 2 years ago