Alternatives and similar repositories for CanYouCTheThief:

Users that are interested in CanYouCTheThief are comparing it to the libraries listed below

• jfmaes / DeepSleep
  all credits go to @mgeeky
  ☆64Updated 3 years ago
• Allevon412 / BreadBear
  A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/
  ☆31Updated last year
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 3 years ago
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆52Updated 2 years ago
• eladshamir / BadWindowsService
  An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities
  ☆58Updated 2 years ago
• ZeroPointSecurity / Domain-Enumeration-Tool
  Perform Windows domain enumeration via LDAP
  ☆36Updated 2 years ago
• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆86Updated 2 years ago
• netbiosX / GhostLoader
  GhostLoader - AppDomainManager - Injection - 攻壳机动队
  ☆52Updated 4 years ago
• mobdk / Upsilon
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆93Updated 3 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated last year
• OtterHacker / Cerbere
  ☆47Updated 2 years ago
• EspressoCake / Process_Protection_Level_BOF
  ☆57Updated 3 years ago
• ihack4falafel / Dell-Driver-EoP-CVE-2021-21551
  Dell Driver EoP (CVE-2021-21551)
  ☆32Updated 3 years ago
• phackt / wptsextensions.dll
  WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.
  ☆53Updated 3 years ago
• mgeeky / msi-shenanigans
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆79Updated 2 years ago
• Octoberfest7 / Proxy_Egress_Persistence
  A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies
  ☆32Updated 2 years ago
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆45Updated 2 years ago
• nettitude / SyscallsExtractor
  ☆23Updated 3 years ago
• S3cur3Th1sSh1t / SharpOxidResolver
  IOXIDResolver from AirBus Security/PingCastle
  ☆49Updated 4 years ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆88Updated 2 years ago
• EspressoCake / Firewall_Walker_BOF
  A BOF to interact with COM objects associated with the Windows software firewall.
  ☆103Updated 3 years ago
• thesnoom / extps-cobalt-strike-bof
  Extended Process List (Search functionality)
  ☆29Updated 4 years ago
• hackerhouse-opensource / envschtasksuacbypass
  Bypass UAC elevation on Windows 8 (build 9600) & above.
  ☆54Updated 2 years ago
• RedSiege / What-The-F
  This repo hosts a poc of how to execute F# code within an unmanaged process
  ☆66Updated 9 months ago
• Octoberfest7 / aggressor_snippets
  A collection of random small Aggressor snippets that don't warrant their own repo
  ☆23Updated 2 years ago
• zimawhit3 / DynimicGhostWriting
  Windows x64 Process Injection via Ghostwriting with Dynamic Configuration
  ☆29Updated 3 years ago
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆39Updated last year
• passthehashbrowns / suspendedunhook
  ☆39Updated 3 years ago
• susMdT / fictional-invention
  idk man this was the default github name
  ☆35Updated last year
• tothi / SharpStay
  .NET project for installing Persistence
  ☆64Updated 3 years ago