Alternatives and similar repositories for Winton

Users that are interested in Winton are comparing it to the libraries listed below

• pygrum / monarch

  View on GitHub
  Monarch - The Adversary Emulation Toolkit
  ☆63Jan 7, 2025Updated last year
• S1lkys / SharpKiller

  View on GitHub
  Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
  ☆351Aug 29, 2024Updated last year
• OffenseTeacher / Steganim

  View on GitHub
  ☆46Jun 21, 2023Updated 2 years ago
• cbrnrd / maliketh

  View on GitHub
  🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
  ☆45Feb 6, 2026Updated last week
• naksyn / Embedder

  View on GitHub
  Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
  ☆123May 29, 2024Updated last year
• icyguider / LatLoader

  View on GitHub
  PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
  ☆307Dec 9, 2023Updated 2 years ago
• gatariee / ldrgen

  View on GitHub
  Template-based generation of shellcode loaders
  ☆80Apr 20, 2024Updated last year
• matro7sh / matro7sh_loaders

  View on GitHub
  this script adds the ability to encode shellcode (.bin) in XOR,chacha20, AES. You can choose between 2 loaders (Myph / 221b)
  ☆83Dec 20, 2023Updated 2 years ago
• MzHmO / NtlmThief

  View on GitHub
  Extracting NetNTLM without touching lsass.exe
  ☆242Nov 27, 2023Updated 2 years ago
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆210Dec 14, 2023Updated 2 years ago
• nickvourd / Supernova

  View on GitHub
  Real fucking shellcode encryptor & obfuscator tool
  ☆1,012Jan 7, 2026Updated last month
• Maldev-Academy / Christmas

  View on GitHub
  ☆259Jan 21, 2024Updated 2 years ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆772Jan 26, 2026Updated 2 weeks ago
• rasta-mouse / CsWhispers

  View on GitHub
  Source generator to add D/Invoke and indirect syscall methods to a C# project.
  ☆186Mar 4, 2024Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆325Apr 12, 2024Updated last year
• TunnelGRE / Percino

  View on GitHub
  Evasive Golang Loader
  ☆137Jul 27, 2024Updated last year
• florylsk / NtRemoteLoad

  View on GitHub
  Remote Shellcode Injector
  ☆221Aug 27, 2023Updated 2 years ago
• Flawww / NtSyscaller

  View on GitHub
  Manually perform syscalls without going through any external API or DLL.
  ☆19Apr 19, 2023Updated 2 years ago
• mertdas / RedPersist

  View on GitHub
  ☆222Mar 10, 2024Updated last year
• hackerhouse-opensource / OffensiveLua

  View on GitHub
  Offensive Lua.
  ☆221Feb 2, 2026Updated last week
• ph4nt0mbyt3 / Darkside

  View on GitHub
  C# AV/EDR Killer using less-known driver (BYOVD)
  ☆185Nov 10, 2023Updated 2 years ago
• blackarrowsec / Handly

  View on GitHub
  Abuse leaked token handles.
  ☆134Dec 14, 2023Updated 2 years ago
• pard0p / CallstackSpoofingPOC

  View on GitHub
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆425Feb 11, 2024Updated 2 years ago
• g0h4n / REC2

  View on GitHub
  REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs…
  ☆163Feb 22, 2024Updated last year
• hackerhouse-opensource / Artillery

  View on GitHub
  CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…
  ☆182Feb 2, 2026Updated last week
• Leo4j / Amnesiac

  View on GitHub
  Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Direc…
  ☆440Oct 1, 2025Updated 4 months ago
• EspressoCake / DefenderPathExclusions

  View on GitHub
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆33Nov 1, 2023Updated 2 years ago
• 1N73LL1G3NC3x / Nightmangle

  View on GitHub
  ☆164Sep 26, 2023Updated 2 years ago
• PhrozenIO / SharpShellPipe

  View on GitHub
  This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.
  ☆122Feb 21, 2025Updated 11 months ago
• eversinc33 / GpuDecryptShellcode

  View on GitHub
  XOR decrypting shellcode using the GPU with OpenCL.
  ☆120May 22, 2025Updated 8 months ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆100Oct 7, 2023Updated 2 years ago
• Tw1sm / PySQLRecon

  View on GitHub
  Offensive MSSQL toolkit written in Python, based off SQLRecon
  ☆207Jan 12, 2025Updated last year
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆96Dec 24, 2024Updated last year
• lsecqt / ThreadlessInject-C-Implementation

  View on GitHub
  This repository implements Threadless Injection in C
  ☆172Dec 23, 2023Updated 2 years ago
• BC-SECURITY / IronSharpPack

  View on GitHub
  IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…
  ☆118May 2, 2024Updated last year
• Enelg52 / KittyStager

  View on GitHub
  KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this p…
  ☆229Jun 6, 2023Updated 2 years ago
• nettitude / SharpConflux

  View on GitHub
  ☆65Mar 15, 2024Updated last year
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆300Sep 7, 2023Updated 2 years ago
• 0xEr3bus / ShadowForgeC2

  View on GitHub
  ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats.
  ☆51Jul 15, 2023Updated 2 years ago