Alternatives and similar repositories for SharpElevator

Users that are interested in SharpElevator are comparing it to the libraries listed below

• Octoberfest7 / JumpSession_BOF
  Beacon Object File allowing creation of Beacons in different sessions.
  ☆81Updated 3 years ago
• S4ntiagoP / freeBokuLoader
  A simple BOF that frees UDRLs
  ☆121Updated 3 years ago
• ScriptIdiot / sleepmask_PatchlessHook
  Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
  ☆85Updated 2 years ago
• Mav3rick33 / ZenLdr
  Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
  ☆101Updated 2 years ago
• ScriptIdiot / sleepmask_ekko_cfg
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆48Updated 2 years ago
• CymulateResearch / Blindside
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆132Updated 2 years ago
• EspressoCake / DLL-Exports-Extraction-BOF
  DLL Exports Extraction BOF with optional NTFS transactions.
  ☆84Updated 4 years ago
• GetRektBoy724 / HalosUnhooker
  Halos Gate-based NTAPI Unhooker
  ☆52Updated 3 years ago
• boku7 / halosgate-ps
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆110Updated 2 years ago
• c3r3br4t3 / ShadowRDP
  ☆73Updated last year
• d1rkmtrr / D1rkSleep
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆120Updated 2 years ago
• d4rkiZ / EmbedExeLnk-
  EmbedExeLnk by x86matthew modified by d4rkiZ
  ☆41Updated 2 years ago
• klezVirus / SharpLdapRelayScan
  C# Port of LdapRelayScan
  ☆87Updated 3 years ago
• trustedsec / CS_COFFLoader
  ☆129Updated last year
• MrAle98 / BOF-RunPE
  ☆57Updated 2 years ago
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆74Updated last week
• GetRektBoy724 / SharpHalos
  My implementation of Halo's Gate technique in C#
  ☆54Updated 3 years ago
• 0xDeku / NiceKatz
  A nice process dumping tool
  ☆81Updated 3 years ago
• seahop / titan
  Titan: A generic user defined reflective DLL for Cobalt Strike
  ☆84Updated 2 years ago
• ProcessusT / UnhookingDLL
  This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…
  ☆69Updated last year
• waawaa / AMSI_Rubeus_bypass
  ☆71Updated 3 years ago
• netero1010 / Quser-BOF
  Cobalt Strike BOF for quser.exe implementation using Windows API
  ☆87Updated 2 years ago
• REDMED-X / InjectKit
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆102Updated last year
• parzel / GoSleepyCrypt
  In-memory sleep encryption and heap encryption for Go applications through a shellcode function.
  ☆40Updated last year
• Yair-Men / Passenger
  ProcExp Driver (Ab)use
  ☆22Updated 2 years ago
• ph3n1x007 / EarlyBirdNTDLL
  ☆37Updated 2 years ago
• dis0rder0x00 / ParentProcessManipulation-LNK
  Using LNK files and user input simulation to start processes under explorer.exe
  ☆27Updated last year
• trustedsec / PPLFaultDumpBOF
  ☆143Updated 2 years ago
• waawaa / breakcyserver
  ☆50Updated 3 years ago
• nick-frischkorn / SysWhispers-FunctionRandomizer
  Quick python script to replace the NtAPI functions within SysWhispers' assembly and header files with random strings
  ☆27Updated 3 years ago