Alternatives and similar repositories for ParentProcessManipulation-LNK

Users that are interested in ParentProcessManipulation-LNK are comparing it to the libraries listed below

• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• itm4n / PPLrevenant

  View on GitHub
  Bypass LSA protection using the BYODLL technique
  ☆171Sep 21, 2024Updated last year
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆296Jul 31, 2024Updated last year
• JayGLXR / RustyMirage

  View on GitHub
  A Rust version of Mirage, a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆38Mar 6, 2025Updated 11 months ago
• Nariod / ronflex

  View on GitHub
  Attempts to suspend all known AV/EDRs processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pen…
  ☆13May 11, 2023Updated 2 years ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• kyxiaxiang / Safetasklist

  View on GitHub
  Help red teams find opsec processes during engagements
  ☆42Dec 7, 2024Updated last year
• EricEsquivel / OpsLoader

  View on GitHub
  A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader
  ☆45Sep 25, 2024Updated last year
• caueb / ThreadlessStompingKann

  View on GitHub
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆79Dec 23, 2023Updated 2 years ago
• Teach2Breach / phantom_persist_rs

  View on GitHub
  Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence
  ☆63Jun 23, 2025Updated 7 months ago
• fortra / hw-call-stack

  View on GitHub
  Use hardware breakpoints to spoof the call stack for both syscalls and API calls
  ☆201Jun 6, 2024Updated last year
• expl0itabl3 / uac-bypass-cmstp

  View on GitHub
  Use CMSTP.exe to bypass UAC.
  ☆52Jun 24, 2022Updated 3 years ago
• ioncodes / SilentLoad

  View on GitHub
  "Service-less" driver loading
  ☆184Nov 28, 2024Updated last year
• iamagarre / BadExclusionsNWBO

  View on GitHub
  BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
  ☆75Feb 9, 2024Updated 2 years ago
• Teach2Breach / hollow_rs

  View on GitHub
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆30Feb 7, 2025Updated last year
• kyleavery / pendulum

  View on GitHub
  Linux Sleep Obfuscation
  ☆107Jan 7, 2024Updated 2 years ago
• Hexastrike / LockBit-Database-Leak-2025

  View on GitHub
  Structured CSVs and table schemas extracted from the 29-April-2025 LockBit affiliate-panel database leak.
  ☆28May 8, 2025Updated 9 months ago
• Neo-Maoku / MultiTshProxy

  View on GitHub
  tsh多终端代理通信
  ☆19Feb 26, 2025Updated 11 months ago
• rasta-mouse / SpawnWith

  View on GitHub
  ☆109Feb 17, 2025Updated 11 months ago
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆59Mar 17, 2025Updated 10 months ago
• Teach2Breach / dll2shell

  View on GitHub
  converts sRDI compatible dlls to shellcode
  ☆35Jan 20, 2025Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆325Apr 12, 2024Updated last year
• OtterHacker / SetProcessInjection

  View on GitHub
  ☆151Oct 2, 2023Updated 2 years ago
• hdks-bug / redteam-techniques

  View on GitHub
  Collection of red team techniques.
  ☆66Apr 25, 2025Updated 9 months ago
• djackreuter / rustlualoader

  View on GitHub
  Shellcode loader that executes embedded Lua from Rust.
  ☆127Dec 16, 2024Updated last year
• zimnyaa / insomnia

  View on GitHub
  a stage1 DLL loader with sleep obfuscation
  ☆36Dec 27, 2022Updated 3 years ago
• backdoorskid / ClrAmsiScanPatcher

  View on GitHub
  Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET
  ☆50May 5, 2025Updated 9 months ago
• Print3M / epic

  View on GitHub
  PIC shellcode (C/C++) development toolkit designed for malware developers.
  ☆119Dec 23, 2025Updated last month
• S12cybersecurity / NinjaInjector

  View on GitHub
  Classic Process Injection with Memory Evasion Techniques implemantation
  ☆72Oct 28, 2023Updated 2 years ago
• WKL-Sec / dcomhijack

  View on GitHub
  Lateral Movement Using DCOM and DLL Hijacking
  ☆326Jun 18, 2023Updated 2 years ago
• paranoidninja / Proxy-Function-Calls-For-ETwTI

  View on GitHub
  The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
  ☆209Jan 29, 2023Updated 3 years ago
• BlackSnufkin / NovaLdr

  View on GitHub
  Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
  ☆259Jun 29, 2024Updated last year
• securifybv / BOFRyptor

  View on GitHub
  ☆122Oct 9, 2023Updated 2 years ago
• BC-SECURITY / ScriptBlock-Smuggling

  View on GitHub
  Example code samples from our ScriptBlock Smuggling Blog post
  ☆94Jun 18, 2024Updated last year
• sagiol / Terms-of-What

  View on GitHub
  Terms of Use Conditional Access M365 Evilginx Phishlet
  ☆44Jun 23, 2025Updated 7 months ago
• Kudaes / Shelter

  View on GitHub
  ROP-based sleep obfuscation to evade memory scanners
  ☆375Jun 22, 2025Updated 7 months ago
• Shrfnt77 / AmsiBypass

  View on GitHub
  Bypassing Amsi using LdrLoadDll
  ☆47Jan 8, 2025Updated last year
• NioZow / bof-collection

  View on GitHub
  ☆21Feb 22, 2025Updated 11 months ago
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆38Aug 5, 2025Updated 6 months ago