Alternatives and similar repositories for Awesome_Malware_Techniques

Users that are interested in Awesome_Malware_Techniques are comparing it to the libraries listed below

• daem0nc0re / TangledWinExec

  View on GitHub
  PoCs and tools for investigation of Windows process execution techniques
  ☆952Feb 2, 2026Updated 2 weeks ago
• matthieu-hackwitharts / Win32_Offensive_Cheatsheet

  View on GitHub
  Win32 and Kernel abusing techniques for pentesters
  ☆972Sep 3, 2023Updated 2 years ago
• matro7sh / BypassAV

  View on GitHub
  This map lists the essential techniques to bypass anti-virus and EDR
  ☆3,143Mar 28, 2025Updated 10 months ago
• optiv / Freeze

  View on GitHub
  Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
  ☆1,470Aug 18, 2023Updated 2 years ago
• chvancooten / maldev-for-dummies

  View on GitHub
  A workshop about Malware Development
  ☆1,759Jun 2, 2023Updated 2 years ago
• lsecqt / OffensiveCpp

  View on GitHub
  This repo contains C/C++ snippets that can be handy in specific offensive scenarios.
  ☆757Jan 26, 2025Updated last year
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,294Mar 21, 2025Updated 10 months ago
• capt-meelo / laZzzy

  View on GitHub
  laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.
  ☆501Jan 10, 2023Updated 3 years ago
• vxunderground / VX-API

  View on GitHub
  Collection of various malicious functionality to aid in malware development
  ☆1,838Feb 28, 2024Updated last year
• CodeXTF2 / maldev-links

  View on GitHub
  My collection of malware dev links
  ☆308Feb 9, 2026Updated last week
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,199Oct 16, 2023Updated 2 years ago
• CCob / ThreadlessInject

  View on GitHub
  Threadless Process Injection using remote function hooking.
  ☆809Sep 4, 2024Updated last year
• tkmru / awesome-edr-bypass

  View on GitHub
  Awesome EDR Bypass Resources For Ethical Hacking
  ☆1,476Jan 26, 2026Updated 3 weeks ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,004Jun 4, 2024Updated last year
• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆970Jul 21, 2023Updated 2 years ago
• WesleyWong420 / RedTeamOps-Havoc-101

  View on GitHub
  Materials for the workshop "Red Team Ops: Havoc 101"
  ☆394Oct 6, 2024Updated last year
• trickster0 / OffensiveRust

  View on GitHub
  Rust Weaponization for Red Team Engagements.
  ☆2,982Apr 25, 2024Updated last year
• 0xTriboulet / Revenant

  View on GitHub
  Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
  ☆389Jul 30, 2024Updated last year
• naksyn / Pyramid

  View on GitHub
  a tool to help operate in EDRs' blind spots
  ☆767Dec 2, 2024Updated last year
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆675Dec 23, 2022Updated 3 years ago
• Accenture / Spartacus

  View on GitHub
  Spartacus DLL/COM Hijacking Toolkit
  ☆1,083Feb 1, 2024Updated 2 years ago
• Mr-Un1k0d3r / EDRs

  View on GitHub
  ☆2,169Feb 21, 2023Updated 2 years ago
• LloydLabs / shellcode-plain-sight

  View on GitHub
  Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
  ☆209Nov 12, 2025Updated 3 months ago
• Xacone / BestEdrOfTheMarket

  View on GitHub
  EDR Lab for Experimentation Purposes
  ☆1,409Jan 20, 2026Updated 3 weeks ago
• RedTeamOperations / Advanced-Process-Injection-Workshop

  View on GitHub
  ☆778Oct 17, 2023Updated 2 years ago
• Kudaes / Elevator

  View on GitHub
  UAC bypass by abusing RPC and debug objects.
  ☆627Oct 19, 2023Updated 2 years ago
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,781Aug 30, 2024Updated last year
• Idov31 / Nidhogg

  View on GitHub
  Nidhogg is an all-in-one simple to use windows kernel rootkit.
  ☆2,235Updated this week
• thefLink / Hunt-Sleeping-Beacons

  View on GitHub
  Aims to identify sleeping beacons
  ☆661Jan 25, 2026Updated 3 weeks ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,366Oct 27, 2023Updated 2 years ago
• f1zm0 / hades

  View on GitHub
  Go shellcode loader that combines multiple evasion techniques
  ☆387Jun 21, 2023Updated 2 years ago
• MalwareApiLib / MalwareApiLibrary

  View on GitHub
  collection of apis used in malware development
  ☆230Aug 2, 2022Updated 3 years ago
• SaadAhla / Shellcode-Hide

  View on GitHub
  This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp…
  ☆438Aug 2, 2023Updated 2 years ago
• nettitude / ETWHash

  View on GitHub
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆259May 10, 2023Updated 2 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆504Aug 14, 2022Updated 3 years ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,586Jul 31, 2024Updated last year
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• redteamsocietegenerale / DLLirant

  View on GitHub
  DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.
  ☆497Nov 29, 2022Updated 3 years ago