cpu0x00/SharpReflectivePEInjection

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/cpu0x00/SharpReflectivePEInjection)

cpu0x00 / SharpReflectivePEInjection

reflectively load and execute PEs locally and remotely bypassing EDR hooks

☆164

Alternatives and similar repositories for SharpReflectivePEInjection

Users that are interested in SharpReflectivePEInjection are comparing it to the libraries listed below

Sorting:

pard0p / CallstackSpoofingPOC
View on GitHub
C++ self-Injecting dropper based on various EDR evasion techniques.
☆426Feb 11, 2024Updated 2 years ago
parzel / GoSleepyCrypt
View on GitHub
In-memory sleep encryption and heap encryption for Go applications through a shellcode function.
☆40Jan 14, 2024Updated 2 years ago
Mr-Un1k0d3r / .NetConfigLoader
View on GitHub
.net config loader
☆349Nov 9, 2023Updated 2 years ago
zimnyaa / noWatch
View on GitHub
Implant drop-in for EDR testing
☆147Nov 15, 2023Updated 2 years ago
netero1010 / GhostTask
View on GitHub
A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
☆618Jan 2, 2025Updated last year
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆374Apr 19, 2023Updated 2 years ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆683Oct 23, 2024Updated last year
rasta-mouse / CsWhispers
View on GitHub
Source generator to add D/Invoke and indirect syscall methods to a C# project.
☆190Mar 4, 2024Updated 2 years ago
S1lkys / SharpKiller
View on GitHub
Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
☆351Aug 29, 2024Updated last year
nbaertsch / AutoAppDomainHijack
View on GitHub
Automated .NET AppDomain hijack payload generation
☆129Feb 4, 2025Updated last year
BlackSnufkin / NovaLdr
View on GitHub
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
☆262Jun 29, 2024Updated last year
antroguy / LocklessBof
View on GitHub
Lockless BOF
☆79May 2, 2025Updated 10 months ago
dmcxblue / SharpGhostTask
View on GitHub
A C# port from Invoke-GhostTask
☆120Jan 5, 2024Updated 2 years ago
sokaRepo / CoercedPotatoRDLL
View on GitHub
Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
☆225Nov 23, 2023Updated 2 years ago
EvanMcBroom / perfect-loader
View on GitHub
Load a dynamic library from memory by modifying the native Windows loader
☆286Jun 18, 2025Updated 9 months ago
kleiton0x00 / Proxy-DLL-Loads
View on GitHub
A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
☆412Jan 11, 2026Updated 2 months ago
S3cur3Th1sSh1t / Caro-Kann
View on GitHub
Encrypted shellcode Injection to avoid Kernel triggered memory scans
☆407Sep 12, 2023Updated 2 years ago
ewby / Mockingjay_BOF
View on GitHub
Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
☆158Nov 7, 2023Updated 2 years ago
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆326Apr 12, 2024Updated last year
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆787Jan 26, 2026Updated last month
mertdas / SharpLateral
View on GitHub
Lateral Movement
☆126Nov 14, 2023Updated 2 years ago
florylsk / ExecIT
View on GitHub
Execute shellcode files with rundll32
☆218Jan 28, 2024Updated 2 years ago
icyguider / LatLoader
View on GitHub
PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
☆309Dec 9, 2023Updated 2 years ago
OtterHacker / SetProcessInjection
View on GitHub
☆153Oct 2, 2023Updated 2 years ago
MalwareTech / EDRception
View on GitHub
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
☆204Dec 27, 2023Updated 2 years ago
naksyn / ProcessStomping
View on GitHub
A variation of ProcessOverwriting to execute shellcode on an executable's section
☆148Dec 16, 2023Updated 2 years ago
HaydoW / NerfDefender
View on GitHub
BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
☆24Jul 5, 2023Updated 2 years ago
Cracked5pider / LdrLibraryEx
View on GitHub
A small x64 library to load dll's into memory.
☆458Nov 6, 2023Updated 2 years ago
CCob / ThreadlessInject
View on GitHub
Threadless Process Injection using remote function hooking.
☆810Sep 4, 2024Updated last year
YOLOP0wn / POSTDump
View on GitHub
☆342Nov 10, 2025Updated 4 months ago
CognisysGroup / HadesLdr
View on GitHub
Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
☆293Jul 15, 2023Updated 2 years ago
ipSlav / DirtyCLR
View on GitHub
An App Domain Manager Injection DLL PoC on steroids
☆212Dec 14, 2023Updated 2 years ago
Bl4ckM1rror / PEAs
View on GitHub
☆60Dec 15, 2023Updated 2 years ago
ZephrFish / DynamicMSBuilder
View on GitHub
A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
☆38Dec 7, 2025Updated 3 months ago
florylsk / NtRemoteLoad
View on GitHub
Remote Shellcode Injector
☆219Aug 27, 2023Updated 2 years ago
Maldev-Academy / Christmas
View on GitHub
PoC demonstrating a multi process injection chain aimed at remotely executing shellcode
☆259Jan 21, 2024Updated 2 years ago
Octoberfest7 / Inline-Execute-PE
View on GitHub
Execute unmanaged Windows executables in CobaltStrike Beacons
☆715Mar 4, 2023Updated 3 years ago
outflanknl / unmanaged-dotnet-patch
View on GitHub
Modify managed functions from unmanaged code
☆53Feb 1, 2024Updated 2 years ago
REDMED-X / InjectKit
View on GitHub
Modified versions of the Cobalt Strike Process Injection Kit
☆106Jan 24, 2024Updated 2 years ago