Alternatives and similar repositories for TradecraftImrprovement:

Users that are interested in TradecraftImrprovement are comparing it to the libraries listed below

• hlldz / misc
  miscellaneous codes
  ☆35Updated last year
• kapellos / LNKSmuggler
  A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.
  ☆13Updated 3 months ago
• gerbsec / SmokeyObfuscator
  Rewrite to fit my needs
  ☆27Updated 9 months ago
• a7t0fwa7 / SymProcSleuth
  A pure C version of SymProcAddress
  ☆27Updated last year
• EspressoCake / BetterPipename
  Example of using Sleep to create better named pipes.
  ☆41Updated last year
• eversinc33 / UnXorStringsNet
  Deobfuscation of XorStringsNet
  ☆14Updated 5 months ago
• arimaqz / strfile-encryptor
  string/file/shellcode encryptor using AES/XOR
  ☆11Updated last year
• Xacone / Eneio64-Driver-Exploit
  Exploit for eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W
  ☆14Updated last month
• waawaa / Hooked-Injector
  Hooked create process injection for meterpreter
  ☆23Updated 3 years ago
• dmcxblue / NtCreateUserProcessBOF
  An Aggressor Script that utilizes NtCreateUserProcess to run binaries
  ☆26Updated 2 months ago
• EvilBytecode / Amsi-Patch-Updated-2025
  How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.
  ☆13Updated this week
• ibaiC / FriendlyFireBOF
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆36Updated last week
• xelemental / Mal-LNK-Generator
  ☆34Updated 3 weeks ago
• G0ldenGunSec / DayBird
  Extension functionality for the NightHawk operator client
  ☆27Updated last year
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆38Updated 9 months ago
• OffenseTeacher / Steganim
  ☆48Updated last year
• nbaertsch / PoolProxy
  Proxy function calls through the thread pool with ease
  ☆25Updated last month
• HulkOperator / CallStackSpoofer
  ☆29Updated 4 months ago
• fern89 / runpe-x64
  RunPE adapted for x64 and written in C, does not use RWX
  ☆25Updated 11 months ago
• MrAle98 / psinline
  in-process powershell runner for BRC4
  ☆45Updated last year
• boku7 / DarkWidow
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆14Updated last year
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆61Updated last year
• mr-r3bot / bof-modules
  BOF for C2 framework
  ☆41Updated 5 months ago
• Teach2Breach / rpeloader
  use python on windows with full submodule support without installation
  ☆27Updated 3 months ago
• dmcxblue / NiceDayPhishing
  ☆19Updated 4 months ago
• EvilBytecode / Ntdll-Unhook
  Unhook Ntdll.dll, Go & C++.
  ☆21Updated this week
• BlackHat-Ashura / Process_Ghosting
  Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by…
  ☆14Updated 11 months ago
• fern89 / ghostwriting-2
  A process injection technique using only thread context manipulation
  ☆28Updated last year
• aleemladha / wazuh_server_install
  Installing wazuh SIEM Unified XDR and SIEM protection
  ☆24Updated 3 months ago
• dobin / ace-firefist
  Attack chain emulator. Write recipes for initial access easily
  ☆20Updated last month