A living guide to lesser-known and evasive Windows API abuses used in malware, with practical reverse engineering notes, YARA detections, and behavioral indicators.
☆93 | Oct 27, 2025 | Updated 4 months ago
Alternatives and similar repositories for WindowsAPIAbuseAtlas
Users that are interested in WindowsAPIAbuseAtlas are comparing it to the libraries listed below
- HEVD Exploits for fun and learning. ☆15 | Aug 30, 2025 | Updated 6 months ago
- Containers Wrapper is a Go library that provides a convenient and unified interface for interacting with container engines such as Docker… ☆13 | Sep 10, 2023 | Updated 2 years ago
- cloudflare worker version ☆11 | Sep 14, 2025 | Updated 5 months ago
- Discover similar functions structures in binaries using graph theory. ☆21 | Oct 14, 2021 | Updated 4 years ago
- AI-based Ludus range configuration builder ☆29 | May 6, 2025 | Updated 10 months ago
- takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities ☆58 | Mar 1, 2026 | Updated last week
- ANY.RUN sandbox detection collection ☆22 | Aug 21, 2024 | Updated last year
- Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic lo… ☆24 | Jan 23, 2023 | Updated 3 years ago
- Slaying multi-language LLVM IR with obfuscation passes to achieve JIT execution ☆130 | Dec 24, 2025 | Updated 2 months ago
- Remote Thread Detection with a Kernel Driver ☆34 | Jan 14, 2025 | Updated last year
- Efflanrs - GUI for Snaffler Output ☆26 | Sep 13, 2024 | Updated last year
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies ☆50 | Jul 6, 2025 | Updated 8 months ago
- ☆43 | Jun 1, 2025 | Updated 9 months ago
- time-based user enum via Basic Auth in Azure against Autodiscover ☆34 | Oct 3, 2024 | Updated last year
- golang amsi bypass ☆30 | Dec 4, 2021 | Updated 4 years ago
- C# implementation to produce ROR-13 numeric hash for given function API name ☆34 | May 26, 2019 | Updated 6 years ago
- An old Windows workstations LPE for domain environments without LDAP signing/channel binding. ☆35 | Feb 4, 2023 | Updated 3 years ago
- ECC Public Key Cryptography ☆37 | Oct 29, 2023 | Updated 2 years ago
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ… ☆52 | May 16, 2025 | Updated 9 months ago
- ☆42 | Apr 22, 2021 | Updated 4 years ago
- Lightweight, Portable, Phishing and Email Campaign Utility ☆13 | Oct 15, 2018 | Updated 7 years ago
- This is my own custom fork of Bhassani's original repo, which contains the (unfinished) reverse-engineered WannaCry Ransomware-related fi… ☆10 | Mar 7, 2023 | Updated 3 years ago
- Read PostgreSQL data files without credentials - forensics, data recovery, and security research tool ☆35 | Jan 18, 2026 | Updated last month
- SharpCoercer is a .NET 4.8 C# tool that leverages 16 different RPC-based coercion methods to force remote Windows hosts to authenticate t… ☆56 | Jul 13, 2025 | Updated 7 months ago
- StegsnowBruteForcer: Python tool for brute-forcing passwords in documents. ☆15 | Feb 17, 2026 | Updated 2 weeks ago
- Java DNS Post Exploitation Tool ☆11 | Jul 21, 2024 | Updated last year
- A simple C# password manager that uses SHA256 and AES Encryption. ☆10 | Nov 20, 2020 | Updated 5 years ago
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios. ☆79 | Jul 25, 2025 | Updated 7 months ago
- something about Cobaltstrike ☆48 | Aug 28, 2022 | Updated 3 years ago
- Youtube channel sample code ☆55 | Mar 2, 2026 | Updated last week
- A Json Schema Faker for Golang! ☆18 | Dec 10, 2025 | Updated 2 months ago
- Home of https://redteam.guide ☆15 | Sep 19, 2022 | Updated 3 years ago
- Extract entire function source code based on a given line number using Javaparser ☆21 | Jul 15, 2025 | Updated 7 months ago
- Set of tools for meshtastic network visualization and analysis using a graph theory library ☆16 | Feb 28, 2025 | Updated last year
- ☆11 | Apr 24, 2020 | Updated 5 years ago
- Resources related to time-travel debugging (TTD) ☆31 | Jan 6, 2026 | Updated 2 months ago
- eBPF-https is an open source web application firewall (WAF) ☆14 | Sep 11, 2024 | Updated last year
- This is the latest version of BinHunter paper ☆13 | Apr 13, 2025 | Updated 10 months ago
- ☆11 | Jun 25, 2024 | Updated last year