Alternatives and similar repositories for TradecraftImrprovement

Users that are interested in TradecraftImrprovement are comparing it to the libraries listed below

• horsicq / DIE-sort

  View on GitHub
  ☆10Updated this week
• susMdT / SharpIndirectSyscalls

  View on GitHub
  ☆11Feb 12, 2023Updated 3 years ago
• jfmaes / blogposts-talks-and-tidbits

  View on GitHub
  all random stuff that dont warrant a seperate repo
  ☆12Sep 2, 2022Updated 3 years ago
• n0tspam / RunspaceLoader

  View on GitHub
  Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe
  ☆13Dec 11, 2023Updated 2 years ago
• nathancarter / jsfs

  View on GitHub
  A (small) filesystem stored in the browser's LocalStorage
  ☆12Oct 17, 2018Updated 7 years ago
• Teach2Breach / nt_unhooker

  View on GitHub
  demo unhooking functions in ntdll
  ☆28Jul 15, 2025Updated 7 months ago
• Kryp7os / SharpRBCD

  View on GitHub
  An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD
  ☆49Mar 10, 2025Updated 11 months ago
• twelvesec / dexter

  View on GitHub
  Data EXfiltration TestER
  ☆21Aug 28, 2019Updated 6 years ago
• Shrfnt77 / AmsiBypass

  View on GitHub
  Bypassing Amsi using LdrLoadDll
  ☆47Jan 8, 2025Updated last year
• ITAgnesmeyer / Diga.WebView2

  View on GitHub
  WebView2 Wrapper
  ☆39Dec 29, 2025Updated last month
• iceboy233 / ntdrvldr

  View on GitHub
  A driver loader for Windows NT using NtLoadDriver()
  ☆24Aug 30, 2015Updated 10 years ago
• JanielDary / weetabix

  View on GitHub
  A C++ PoC implementation for enumerating Windows Fibers directly from memory
  ☆21May 11, 2024Updated last year
• horsicq / die_library

  View on GitHub
  ☆56Updated this week
• OtterHacker / AWSRedirector

  View on GitHub
  ☆58Feb 16, 2025Updated last year
• S3cur3Th1sSh1t / SharpUnhooker

  View on GitHub
  C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll,kernel32.dll,user32.dll,and kernelbase.dll)
  ☆25Mar 7, 2023Updated 2 years ago
• V-i-x-x / win11-kernel-execution-syscall-hijack

  View on GitHub
  Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)
  ☆57Jun 15, 2025Updated 8 months ago
• AssuranceMaladieSec / FoxTerrier

  View on GitHub
  Python tool to find vulnerable AD object and generating csv report
  ☆26Jul 4, 2022Updated 3 years ago
• itaymigdal / PartyLoader

  View on GitHub
  Threadless shellcode injection tool
  ☆68Aug 5, 2024Updated last year
• JCSteiner / Emperor-Public

  View on GitHub
  Payload Generation Workflow
  ☆40Jul 18, 2025Updated 6 months ago
• patrickt2017 / VEHNetLoader

  View on GitHub
  Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
  ☆50Jul 6, 2025Updated 7 months ago
• MaorSabag / Paruns-Fart

  View on GitHub
  Just another ntdll unhooking using Parun's Fart technique
  ☆76Feb 15, 2023Updated 3 years ago
• whokilleddb / lordran.polymorphic.shellcode

  View on GitHub
  Things i do because i saw it on twitter on a weekend
  ☆58Jul 20, 2025Updated 6 months ago
• xalicex / Get-DLL-and-Function-Addresses

  View on GitHub
  GetModuleHandle (via PEB) and GetProcAddress (via EAT) like
  ☆32Feb 7, 2022Updated 4 years ago
• UmaRex01 / HookSentry

  View on GitHub
  Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones.
  ☆36Apr 24, 2025Updated 9 months ago
• Lonefy / vscode-JS-CSS-HTML-formatter

  View on GitHub
  JS,CSS,HTML formatter for vscode
  ☆50Jul 27, 2021Updated 4 years ago
• Faran-17 / EarlyBird-APC-Injection

  View on GitHub
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆35Oct 31, 2023Updated 2 years ago
• bananabr / Givemeahand

  View on GitHub
  A PoC tool for exploiting leaked process and thread handles
  ☆32Feb 13, 2024Updated 2 years ago
• mimorep / Indirect-Shellcode-Executor

  View on GitHub
  Indirect-Shellcode-Executor expoits the miss-configuration/vulnerability present on the API Windows method ReadProcessMemory discovered b…
  ☆82Nov 15, 2025Updated 3 months ago
• jsecu / ElevatedEvents

  View on GitHub
  ☆30Nov 7, 2022Updated 3 years ago
• klezVirus / koppeling-p

  View on GitHub
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆78Aug 5, 2024Updated last year
• mertdas / SharpLateral

  View on GitHub
  Lateral Movement
  ☆125Nov 14, 2023Updated 2 years ago
• ceramicskate0 / SharpLeftOvers

  View on GitHub
  A C# Tool to find left over pentest data for use in your pentest or redteam op. Blue could maybe use to find files to cleanup
  ☆38Sep 14, 2023Updated 2 years ago
• reveng007 / DareDevil

  View on GitHub
  Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10
  ☆37Nov 5, 2022Updated 3 years ago
• inb1ts / birdnet-poc

  View on GitHub
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆41Jul 9, 2023Updated 2 years ago
• crwe / BIXI-DOS-DDOS-TOOL

  View on GitHub
  BIXI is a fast, stable, and powerful DDoS tool designed for efficiency. It supports multiple protocols including TCP, UDP, ICMP, HTTP, an…
  ☆10Apr 9, 2025Updated 10 months ago
• CroodSolutions / BypassIT

  View on GitHub
  BypassIT is a framework for covert malware delivery and post-exploitation using AutoIT for red / blue team self assessment.
  ☆45Jul 6, 2025Updated 7 months ago
• m4ul3r / writing_nimless

  View on GitHub
  Writing Nimless Nim - Slides and source for BSIDESKC 2024 talk.
  ☆85Jul 11, 2025Updated 7 months ago
• Explodey54 / minecraft-artifier-js

  View on GitHub
  JavaScript/Node.js Web Converter from image to Minecraft blocks.
  ☆81Jul 30, 2023Updated 2 years ago
• oldboy21 / RflDllOb

  View on GitHub
  Reflective DLL Injection Made Bella
  ☆248Jan 6, 2025Updated last year