danafaye/WindowsAPIAbuseAtlas external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

danafaye/WindowsAPIAbuseAtlas

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/danafaye/WindowsAPIAbuseAtlas)

Close

danafaye / WindowsAPIAbuseAtlasView on GitHubMore

• External links
• Readme badge

A living guide to lesser-known and evasive Windows API abuses used in malware, with practical reverse engineering notes, YARA detections, and behavioral indicators.

☆94Oct 27, 2025Updated 5 months ago

Alternatives and similar repositories for WindowsAPIAbuseAtlas

Users that are interested in WindowsAPIAbuseAtlas are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• AdvDebug / HEVDExploits

  View on GitHub
  HEVD Exploits for fun and learning.
  ☆15Aug 30, 2025Updated 7 months ago
• OffenseTeacher / NimSkrull

  View on GitHub
  NimSkrull is an adaption from the original Skrull malware anti-copy DRM. Only for the anti-copy feature. (https://github.com/aaaddress1/S…
  ☆13May 20, 2023Updated 2 years ago
• OtterHacker / AWSDoor

  View on GitHub
  AWSDoor is a red team automation tool designed to simulate advanced attacker behavior in AWS environments
  ☆34Sep 17, 2025Updated 7 months ago
• umpolungfish / byvalver

  View on GitHub
  takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities
  ☆62Mar 1, 2026Updated last month
• atomicchonk / ctrlaltrange

  View on GitHub
  AI-based Ludus range configuration builder
  ☆29May 6, 2025Updated 11 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• Xanderux / C2watcher

  View on GitHub
  Daily C2 threat intelligence feed
  ☆19Updated this week
• rtaylor777 / ps_cmd_rev_shell

  View on GitHub
  Combined PowerShell and CMD Reverse Shell
  ☆13Oct 31, 2019Updated 6 years ago
• Aspasia1337 / VAC-ModuleDumper

  View on GitHub
  In-depth security research into VAC’s dynamic anti-cheat delivery model, focusing on loader architecture, integrity checks, and defensive…
  ☆24Sep 1, 2025Updated 7 months ago
• lolfsaas / lolfsaas.github.io

  View on GitHub
  Living of the Land of Free SaaS
  ☆70Mar 22, 2026Updated 3 weeks ago
• L4zyD0g / NimBeacon

  View on GitHub
  A Cobalt Strike beacon implemented in Nim.
  ☆26Jul 16, 2025Updated 9 months ago
• alienkeric / VisualStudio-RCE-EvilSln

  View on GitHub
  A New Exploitation Technique for Visual Studio Projects
  ☆13Nov 5, 2023Updated 2 years ago
• whikernel / evtx2splunk

  View on GitHub
  Evtx to Splunk ingestor
  ☆16Mar 18, 2022Updated 4 years ago
• FuzzySecurity / Magikarp

  View on GitHub
  ECC Public Key Cryptography
  ☆37Oct 29, 2023Updated 2 years ago
• KickedDroid / loadstar

  View on GitHub
  A different approach to writing BOFs in rust.
  ☆20Aug 20, 2025Updated 7 months ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• s4dbrd / ETWReader

  View on GitHub
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆18Jun 29, 2024Updated last year
• MazX0p / PhantomInjector

  View on GitHub
  Advanced In-Memory PowerShell Process Injection Framework
  ☆73Jul 16, 2025Updated 9 months ago
• nyxgeek / autodiscover_enum

  View on GitHub
  time-based user enum via Basic Auth in Azure against Autodiscover
  ☆34Oct 3, 2024Updated last year
• dobin / detonator

  View on GitHub
  Orchestrate detonating your MalDev in VMs with different EDRs to see their detection surface.
  ☆24Apr 8, 2026Updated last week
• ImpostorKeanu / eavesarp-ng

  View on GitHub
  ☆46Jun 1, 2025Updated 10 months ago
• m3rcer / IRvana

  View on GitHub
  Slaying multi-language LLVM IR with obfuscation passes to achieve JIT execution
  ☆132Dec 24, 2025Updated 3 months ago
• historicalsource / asteroids

  View on GitHub
  A flying and rock-shooting game
  ☆17Oct 14, 2021Updated 4 years ago
• HullaBrian / COMmander

  View on GitHub
  .NET tool used to enrich RPC telemetry
  ☆101Jan 24, 2026Updated 2 months ago
• Chocapikk / pgread

  View on GitHub
  Read PostgreSQL data files without credentials - forensics, data recovery, and security research tool
  ☆45Apr 11, 2026Updated last week
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• wh0amitz / CTFCON2023-POC

  View on GitHub
  ☆17Dec 3, 2023Updated 2 years ago
• P4x1s / CVE-2024-23897

  View on GitHub
  CVE-2024-23897 jenkins-cli
  ☆15Jan 27, 2024Updated 2 years ago
• NocteDefensor / ludus_tailscale

  View on GitHub
  Ansible Role for Ludus to provision or remove a device to/from a Tailnet.
  ☆14Dec 5, 2025Updated 4 months ago
• msdirtbag / azurevelo

  View on GitHub
  Velociraptor Server hosted in Azure App Service
  ☆59Jun 4, 2025Updated 10 months ago
• nihilus / uberstealth

  View on GitHub
  ☆11Sep 14, 2014Updated 11 years ago
• glynx / peas

  View on GitHub
  Modified version of PEAS client for offensive operations
  ☆50Nov 1, 2025Updated 5 months ago
• Shrfnt77 / SharpCoercer

  View on GitHub
  SharpCoercer is a .NET 4.8 C# tool that leverages 16 different RPC-based coercion methods to force remote Windows hosts to authenticate t…
  ☆57Jul 13, 2025Updated 9 months ago
• yoda66 / PythonShellcodeRedux

  View on GitHub
  ☆12Mar 27, 2024Updated 2 years ago
• MaorSabag / SafeCrypt

  View on GitHub
  SafeCrypt is an academic ransomware simulation suite developed for Red Team engagements. It demonstrates modern malware techniques includ…
  ☆34Oct 3, 2025Updated 6 months ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• tknerr / circleci-redirector

  View on GitHub
  Extends the CircleCI REST API with bookmarkable URLs for latest build and build artifacts
  ☆10Jan 11, 2016Updated 10 years ago
• fkie-cad / SNAFUzz

  View on GitHub
  Windows Snapshot Fuzzer (SNAFUzz)
  ☆40Dec 17, 2025Updated 4 months ago
• MalwareTech / EDRception

  View on GitHub
  A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
  ☆203Dec 27, 2023Updated 2 years ago
• zodiacon / RemoteThreadDetection

  View on GitHub
  Remote Thread Detection with a Kernel Driver
  ☆33Jan 14, 2025Updated last year
• timwhitez / Doge-AMSI-patch

  View on GitHub
  golang amsi bypass
  ☆30Dec 4, 2021Updated 4 years ago
• Dump-GUY / Get-PDInvokeImports

  View on GitHub
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆54Apr 10, 2022Updated 4 years ago
• 0x1c1101 / blazing_asm

  View on GitHub
  Simple, fast and lightweight Header-Only C++ Assembler Library
  ☆142Aug 13, 2025Updated 8 months ago