dosxuz/TradecraftImrprovement external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

dosxuz/TradecraftImrprovement

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/dosxuz/TradecraftImrprovement)

Close

dosxuz / TradecraftImrprovementView on GitHubMore

• External links
• Readme badge

This repository will contain source codes from the Tradecraft improvement blog series

☆14Mar 27, 2025Updated 11 months ago

Alternatives and similar repositories for TradecraftImrprovement

Users that are interested in TradecraftImrprovement are comparing it to the libraries listed below

• horsicq / DIE-sort

  View on GitHub
  ☆10Updated this week
• susMdT / SharpIndirectSyscalls

  View on GitHub
  ☆11Feb 12, 2023Updated 3 years ago
• n0tspam / RunspaceLoader

  View on GitHub
  Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe
  ☆13Dec 11, 2023Updated 2 years ago
• jfmaes / blogposts-talks-and-tidbits

  View on GitHub
  all random stuff that dont warrant a seperate repo
  ☆12Sep 2, 2022Updated 3 years ago
• Teach2Breach / nt_unhooker

  View on GitHub
  demo unhooking functions in ntdll
  ☆28Jul 15, 2025Updated 7 months ago
• nathancarter / jsfs

  View on GitHub
  A (small) filesystem stored in the browser's LocalStorage
  ☆12Oct 17, 2018Updated 7 years ago
• Kryp7os / SharpRBCD

  View on GitHub
  An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD
  ☆49Mar 10, 2025Updated 11 months ago
• Shrfnt77 / AmsiBypass

  View on GitHub
  Bypassing Amsi using LdrLoadDll
  ☆47Jan 8, 2025Updated last year
• twelvesec / dexter

  View on GitHub
  Data EXfiltration TestER
  ☆21Aug 28, 2019Updated 6 years ago
• ITAgnesmeyer / Diga.WebView2

  View on GitHub
  WebView2 Wrapper
  ☆39Dec 29, 2025Updated 2 months ago
• iceboy233 / ntdrvldr

  View on GitHub
  A driver loader for Windows NT using NtLoadDriver()
  ☆24Aug 30, 2015Updated 10 years ago
• JanielDary / weetabix

  View on GitHub
  A C++ PoC implementation for enumerating Windows Fibers directly from memory
  ☆22May 11, 2024Updated last year
• horsicq / die_library

  View on GitHub
  ☆57Updated this week
• OtterHacker / AWSRedirector

  View on GitHub
  ☆58Feb 16, 2025Updated last year
• S3cur3Th1sSh1t / SharpUnhooker

  View on GitHub
  C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll,kernel32.dll,user32.dll,and kernelbase.dll)
  ☆25Mar 7, 2023Updated 3 years ago
• V-i-x-x / win11-kernel-execution-syscall-hijack

  View on GitHub
  Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)
  ☆56Jun 15, 2025Updated 8 months ago
• AssuranceMaladieSec / FoxTerrier

  View on GitHub
  Python tool to find vulnerable AD object and generating csv report
  ☆26Jul 4, 2022Updated 3 years ago
• itaymigdal / PartyLoader

  View on GitHub
  Threadless shellcode injection tool
  ☆68Aug 5, 2024Updated last year
• patrickt2017 / VEHNetLoader

  View on GitHub
  Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
  ☆50Jul 6, 2025Updated 8 months ago
• JCSteiner / Emperor-Public

  View on GitHub
  Payload Generation Workflow
  ☆40Jul 18, 2025Updated 7 months ago
• CyberSecurityUP / SysWhispers4

  View on GitHub
  AV/EDR evasion via direct and indirect system calls Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64
  ☆80Feb 23, 2026Updated 2 weeks ago
• MaorSabag / Paruns-Fart

  View on GitHub
  Just another ntdll unhooking using Parun's Fart technique
  ☆76Feb 15, 2023Updated 3 years ago
• UmaRex01 / HookSentry

  View on GitHub
  Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones.
  ☆37Apr 24, 2025Updated 10 months ago
• whokilleddb / lordran.polymorphic.shellcode

  View on GitHub
  Things i do because i saw it on twitter on a weekend
  ☆57Jul 20, 2025Updated 7 months ago
• xalicex / Get-DLL-and-Function-Addresses

  View on GitHub
  GetModuleHandle (via PEB) and GetProcAddress (via EAT) like
  ☆32Feb 7, 2022Updated 4 years ago
• Lonefy / vscode-JS-CSS-HTML-formatter

  View on GitHub
  JS,CSS,HTML formatter for vscode
  ☆50Jul 27, 2021Updated 4 years ago
• bananabr / Givemeahand

  View on GitHub
  A PoC tool for exploiting leaked process and thread handles
  ☆32Feb 13, 2024Updated 2 years ago
• mimorep / Indirect-Shellcode-Executor

  View on GitHub
  Indirect-Shellcode-Executor expoits the miss-configuration/vulnerability present on the API Windows method ReadProcessMemory discovered b…
  ☆83Nov 15, 2025Updated 3 months ago
• Faran-17 / EarlyBird-APC-Injection

  View on GitHub
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆35Oct 31, 2023Updated 2 years ago
• Helixo32 / NimReflectiveLoader

  View on GitHub
  NimReflectiveLoader is a Nim-based tool for in-memory DLL execution using Reflective DLL Loading.
  ☆31Jan 21, 2024Updated 2 years ago
• jsecu / ElevatedEvents

  View on GitHub
  ☆30Nov 7, 2022Updated 3 years ago
• klezVirus / koppeling-p

  View on GitHub
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆79Aug 5, 2024Updated last year
• mertdas / SharpLateral

  View on GitHub
  Lateral Movement
  ☆126Nov 14, 2023Updated 2 years ago
• Whitecat18 / LazyDLLSideload

  View on GitHub
  Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagemen…
  ☆112Updated this week
• ceramicskate0 / SharpLeftOvers

  View on GitHub
  A C# Tool to find left over pentest data for use in your pentest or redteam op. Blue could maybe use to find files to cleanup
  ☆37Sep 14, 2023Updated 2 years ago
• reveng007 / DareDevil

  View on GitHub
  Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10
  ☆37Nov 5, 2022Updated 3 years ago
• inb1ts / birdnet-poc

  View on GitHub
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆41Jul 9, 2023Updated 2 years ago
• m4ul3r / writing_nimless

  View on GitHub
  Writing Nimless Nim - Slides and source for BSIDESKC 2024 talk.
  ☆85Jul 11, 2025Updated 7 months ago
• crwe / BIXI-DOS-DDOS-TOOL

  View on GitHub
  BIXI is a fast, stable, and powerful DDoS tool designed for efficiency. It supports multiple protocols including TCP, UDP, ICMP, HTTP, an…
  ☆10Apr 9, 2025Updated 11 months ago