florylsk/ExecIT

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/florylsk/ExecIT)

florylsk / ExecIT

Execute shellcode files with rundll32

☆218

Alternatives and similar repositories for ExecIT

Users that are interested in ExecIT are comparing it to the libraries listed below

Sorting:

rasta-mouse / CsWhispers
View on GitHub
Source generator to add D/Invoke and indirect syscall methods to a C# project.
☆190Mar 4, 2024Updated 2 years ago
oldboy21 / SyscallMeMaybe
View on GitHub
Implementation of Indirect Syscall technique to pop a calc.exe
☆112Jan 25, 2024Updated 2 years ago
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆787Jan 26, 2026Updated last month
icyguider / UAC-BOF-Bonanza
View on GitHub
Collection of UAC Bypass Techniques Weaponized as BOFs
☆611Feb 21, 2024Updated 2 years ago
outflanknl / unmanaged-dotnet-patch
View on GitHub
Modify managed functions from unmanaged code
☆53Feb 1, 2024Updated 2 years ago
Cipher7 / ChaiLdr
View on GitHub
AV bypass while you sip your Chai!
☆223May 17, 2024Updated last year
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆326Apr 12, 2024Updated last year
Maldev-Academy / RemoteTLSCallbackInjection
View on GitHub
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
☆287Jan 21, 2024Updated 2 years ago
cpu0x00 / SharpReflectivePEInjection
View on GitHub
reflectively load and execute PEs locally and remotely bypassing EDR hooks
☆164Jan 4, 2024Updated 2 years ago
florylsk / RecycledInjector
View on GitHub
Native Syscalls Shellcode Injector
☆267Jul 2, 2023Updated 2 years ago
dmcxblue / SharpGhostTask
View on GitHub
A C# port from Invoke-GhostTask
☆120Jan 5, 2024Updated 2 years ago
pard0p / CallstackSpoofingPOC
View on GitHub
C++ self-Injecting dropper based on various EDR evasion techniques.
☆426Feb 11, 2024Updated 2 years ago
d419h / IconJector
View on GitHub
Inject DLLs into the explorer process using icons
☆407May 18, 2025Updated 10 months ago
georgesotiriadis / Chimera
View on GitHub
Automated DLL Sideloading Tool With EDR Evasion Capabilities
☆505Dec 19, 2023Updated 2 years ago
Bl4ckM1rror / PEAs
View on GitHub
☆60Dec 15, 2023Updated 2 years ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆438Dec 21, 2023Updated 2 years ago
sokaRepo / CoercedPotatoRDLL
View on GitHub
Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
☆225Nov 23, 2023Updated 2 years ago
mlcsec / FormThief
View on GitHub
Spoofing desktop login applications with WinForms and WPF
☆177Feb 19, 2024Updated 2 years ago
kyleavery / pendulum
View on GitHub
Linux Sleep Obfuscation
☆112Jan 7, 2024Updated 2 years ago
frkngksl / UnlinkDLL
View on GitHub
DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
☆60Dec 15, 2023Updated 2 years ago
naksyn / ProcessStomping
View on GitHub
A variation of ProcessOverwriting to execute shellcode on an executable's section
☆148Dec 16, 2023Updated 2 years ago
Maldev-Academy / MaldevAcademyLdr.1
View on GitHub
RunPE implementation with multiple evasive techniques (1)
☆383Sep 22, 2023Updated 2 years ago
MalwareTech / EDR-Preloader
View on GitHub
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
☆542Feb 13, 2024Updated 2 years ago
CognisysGroup / HadesLdr
View on GitHub
Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
☆293Jul 15, 2023Updated 2 years ago
Faran-17 / Hellshazzard
View on GitHub
Indirect Syscall implementation to bypass userland NTAPIs hooking.
☆85Aug 13, 2024Updated last year
lem0nSec / ShellGhost
View on GitHub
A memory-based evasion technique which makes shellcode invisible from process start to end.
☆1,198Oct 16, 2023Updated 2 years ago
ricardojoserf / TrickDump
View on GitHub
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
☆541May 9, 2025Updated 10 months ago
fin3ss3g0d / NativeThreadpool
View on GitHub
Work, timer, and wait callback example using solely Native Windows APIs.
☆88Feb 11, 2024Updated 2 years ago
florylsk / NtRemoteLoad
View on GitHub
Remote Shellcode Injector
☆219Aug 27, 2023Updated 2 years ago
cpu0x00 / Ghost
View on GitHub
Evasive shellcode loader
☆400Oct 17, 2024Updated last year
MzHmO / Parasite-Invoke
View on GitHub
Hide your P/Invoke signatures through other people's signed assemblies
☆211Mar 10, 2024Updated 2 years ago
VoldeSec / PatchlessInlineExecute-Assembly
View on GitHub
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
☆277Apr 17, 2023Updated 2 years ago
YOLOP0wn / POSTDump
View on GitHub
☆342Nov 10, 2025Updated 4 months ago
senzee1984 / MutationGate
View on GitHub
Use hardware breakpoint to dynamically change SSN in run-time
☆280Apr 10, 2024Updated last year
decoder-it / DFSCoerce-exe-2
View on GitHub
DFSCoerce exe revisited version with custom authentication
☆42Jan 13, 2024Updated 2 years ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆683Oct 23, 2024Updated last year
Karkas66 / CelestialSpark
View on GitHub
Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
☆103Mar 27, 2025Updated 11 months ago
senzee1984 / EDRPrison
View on GitHub
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
☆460Aug 2, 2024Updated last year
Cracked5pider / LdrLibraryEx
View on GitHub
A small x64 library to load dll's into memory.
☆458Nov 6, 2023Updated 2 years ago