Alternatives and similar repositories for NtTools

Users that are interested in NtTools are comparing it to the libraries listed below

• DarkCoderSc / inno-shellcode-example
  Run shellcode through InnoSetup code engine.
  ☆67Updated 2 years ago
• erwan2212 / NTHASH-FPC
  ☆35Updated last year
• Unprotect-Project / FuncInEvasionTechniqueDemo
  ☆34Updated last year
• zux0x3a / TChopper
  conduct lateral movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine
  ☆54Updated 4 years ago
• aahmad097 / Test004
  Persistence via Shell Extensions
  ☆62Updated last year
• aaaddress1 / sakeInject
  Windows PE - TLS (Thread Local Storage) Injector in C/C++
  ☆105Updated 4 years ago
• 0xsp-SRD / OffensivePascal
  Pascal Offsec repo for malware dev and red teaming 🚩
  ☆181Updated last year
• elastic / PPLGuard
  ☆70Updated 5 months ago
• ctxis / DynamicWrapperEx
  x64 Registration-Free In-Process COM Automation Server.
  ☆48Updated 2 years ago
• Allevon412 / PPL_Sandboxer
  ☆82Updated 3 years ago
• w1u0u1 / minidump
  Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…
  ☆123Updated 3 years ago
• dosxuz / ProcessGhosting
  Small POC for process ghosting
  ☆39Updated 3 years ago
• lilkui / runasti
  Runs programs as TrustedInstaller
  ☆49Updated 6 years ago
• p3nt4 / RunDLL.Net
  Execute .Net assemblies using Rundll32.exe
  ☆113Updated 4 years ago
• ars3n11 / MineSweeper
  Windows user-land hooks manipulation tool.
  ☆144Updated 4 years ago
• PhrozenIO / RunAsAttached
  RunAsAttached is a program to locally run a new terminal as another user without spawning a new console window.
  ☆47Updated 3 years ago
• sailay1996 / delete2SYSTEM
  Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM
  ☆123Updated 4 years ago
• hotnops / RemoteDebugView
  A DLL that serves OutputDebugString content over a TCP connection
  ☆35Updated 3 years ago
• cobbr / C2Bridge
  C2Bridges allow developers to create new custom communication protocols and quickly utilize them within Covenant.
  ☆69Updated 4 years ago
• michaellandi / exportstoc
  Used to create wrappers and proxy libraries for Windows binaries.
  ☆76Updated 13 years ago
• synacktiv / Radmin3-Password-Cracker
  Radmin Server 3 credentials dumper/cracker
  ☆53Updated 3 years ago
• Cobalt-Strike / ProxyDLLExample
  code for the Proxy DLL example blog post
  ☆61Updated 3 years ago
• JohnWoodman / stealthInjector
  Injects shellcode into remote processes using direct syscalls
  ☆79Updated 4 years ago
• boku7 / xPipe
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆84Updated 2 years ago
• mobdk / Upsilon
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆92Updated 3 years ago
• plackyhacker / Unhook-BitDefender
  Unhooks Bit Defender from NTDLL and KERNELBASE using a classic technique.
  ☆55Updated 2 years ago
• aaaddress1 / xlsKami
  Out-of-the-Box Tool to Obfuscate Excel XLS. Include Obfuscation & Hide for Cell Labels & BoundSheets
  ☆48Updated 3 years ago
• 0xcpu / winsmsd
  Windows (ShadowMove) Socket Duplication
  ☆83Updated 5 years ago
• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆70Updated 3 years ago
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆47Updated last year