Alternatives and similar repositories for TrollUAC

Users that are interested in TrollUAC are comparing it to the libraries listed below

• 0xv1n / RemoteSessionEnum
  Remotely Enumerate sessions using undocumented Windows Station APIs
  ☆118Updated last year
• MzHmO / DebugAmsi
  DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
  ☆102Updated 2 years ago
• cybersectroll / SharpPersistSD
  ☆92Updated last year
• jakobfriedl / BenevolentLoader
  Shellcode loader using direct syscalls via Hell's Gate and payload encryption.
  ☆101Updated last year
• Idov31 / NidhoggScript
  NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
  ☆50Updated last year
• naksyn / ProcessStomping
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆148Updated 2 years ago
• vxCrypt0r / AMSI_VEH
  A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
  ☆167Updated last year
• rad9800 / FileRenameJunctionsEDRDisable
  ☆159Updated last year
• BeetleChunks / Obligato
  This project is an implant framework designed for long term persistent access to Windows machines.
  ☆108Updated 2 years ago
• OtterHacker / SetProcessInjection
  ☆151Updated 2 years ago
• boku7 / patchwerk
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Updated last year
• 0xsch1zo / NullGate
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆165Updated 6 months ago
• decoder-it / ChgPass
  ☆137Updated 11 months ago
• Karkas66 / CelestialSpark
  Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
  ☆103Updated 10 months ago
• ricardojoserf / NativeBypassCredGuard
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆265Updated 10 months ago
• Octoberfest7 / Secure_Stager
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆194Updated last year
• almounah / superdeye
  Indirect Syscall with TartarusGate Approach in Go
  ☆134Updated 7 months ago
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆139Updated last year
• racoten / BetterNetLoader
  A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints
  ☆121Updated 6 months ago
• nixpal / shellsilo
  SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…
  ☆153Updated 6 months ago
• securifybv / BOFRyptor
  ☆122Updated 2 years ago
• lem0nSec / KBlast
  Basic interactive Windows kernel offensive toolkit written in C
  ☆135Updated 4 months ago
• ipSlav / DirtyCLR
  An App Domain Manager Injection DLL PoC on steroids
  ☆210Updated 2 years ago
• florylsk / ExecIT
  Execute shellcode files with rundll32
  ☆214Updated 2 years ago
• netero1010 / SCCMVNC
  A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications.…
  ☆115Updated last year
• almounah / go-buena-clr
  Good CLR Host with Native patchless AMSI Bypass
  ☆101Updated 9 months ago
• Maldev-Academy / DRMBinViaOrdinalImports
  Create Anti-Copy DRM Malware
  ☆71Updated last year
• lsecqt / ThreadlessInject-C-Implementation
  This repository implements Threadless Injection in C
  ☆172Updated 2 years ago
• 0xJs / BlockEDRTraffic
  Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows …
  ☆257Updated 4 months ago
• NtDallas / Svartalfheim
  Stage 0
  ☆169Updated last year