Alternatives and similar repositories for ldrgen

Users that are interested in ldrgen are comparing it to the libraries listed below

• bananabr / CLRInjector

  View on GitHub
  A PoC .NET-specific process injection tool
  ☆57Mar 17, 2024Updated last year
• iamagarre / BadExclusionsNWBO

  View on GitHub
  BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
  ☆75Feb 9, 2024Updated 2 years ago
• rbmm / ARL

  View on GitHub
  ☆24Feb 1, 2025Updated last year
• G0ldenGunSec / SCCM_SQL_Collector

  View on GitHub
  PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph
  ☆24Aug 2, 2025Updated 6 months ago
• tehstoni / tryharder

  View on GitHub
  C++ Staged Shellcode Loader with Evasion capabilities.
  ☆97Oct 7, 2024Updated last year
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated last year
• almounah / go-buena-clr

  View on GitHub
  Good CLR Host with Native patchless AMSI Bypass
  ☆102Apr 18, 2025Updated 9 months ago
• pard0p / CallstackSpoofingPOC

  View on GitHub
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆425Feb 11, 2024Updated 2 years ago
• dmcxblue / AzureRedirector

  View on GitHub
  A C# project that builds a Web Application which redirects all HTTPS
  ☆26Feb 11, 2025Updated last year
• gatariee / gocheck

  View on GitHub
  Because AV evasion should be easy.
  ☆855Nov 28, 2024Updated last year
• rasta-mouse / CsWhispers

  View on GitHub
  Source generator to add D/Invoke and indirect syscall methods to a C# project.
  ☆186Mar 4, 2024Updated last year
• sudonoodle / Aggressor-NTFY

  View on GitHub
  Cobalt Strike notifications via NTFY.
  ☆15Sep 24, 2024Updated last year
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆135Apr 18, 2025Updated 9 months ago
• silentwarble / Hannibal

  View on GitHub
  Mythic C2 Agent written in x64 PIC C
  ☆84Jan 29, 2025Updated last year
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆122Jan 17, 2026Updated 3 weeks ago
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆96Dec 24, 2024Updated last year
• outflanknl / edr-internals

  View on GitHub
  Tools for analyzing EDR agents
  ☆277Jun 10, 2024Updated last year
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆609Jan 2, 2025Updated last year
• itm4n / PPLrevenant

  View on GitHub
  Bypass LSA protection using the BYODLL technique
  ☆171Sep 21, 2024Updated last year
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆231Feb 12, 2025Updated last year
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Jan 11, 2026Updated last month
• gatariee / Winton

  View on GitHub
  Command and Control (C2) framework
  ☆132May 16, 2025Updated 8 months ago
• Shrfnt77 / AmsiBypass

  View on GitHub
  Bypassing Amsi using LdrLoadDll
  ☆47Jan 8, 2025Updated last year
• RedSiege / Jigsaw

  View on GitHub
  Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
  ☆202Mar 26, 2025Updated 10 months ago
• netbiosX / AMSI-Provider

  View on GitHub
  A fake AMSI Provider which can be used for persistence.
  ☆155May 16, 2021Updated 4 years ago
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆236Nov 7, 2024Updated last year
• CICADA8-Research / COMThanasia

  View on GitHub
  A set of programs for analyzing common vulnerabilities in COM
  ☆245Sep 8, 2024Updated last year
• EricEsquivel / OpsLoader

  View on GitHub
  A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader
  ☆45Sep 25, 2024Updated last year
• Teach2Breach / snapinject_rs

  View on GitHub
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆50Jan 25, 2025Updated last year
• vxCrypt0r / AMSI_VEH

  View on GitHub
  A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
  ☆167May 30, 2024Updated last year
• som3canadian / Mythic_NimSyscallPacker_Wrapper

  View on GitHub
  Mythic C2 wrapper for NimSyscallPacker
  ☆25Mar 12, 2025Updated 11 months ago
• eladshamir / BadWindowsService

  View on GitHub
  An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities
  ☆63Aug 25, 2022Updated 3 years ago
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆325Apr 12, 2024Updated last year
• oldboy21 / SWAPPALA

  View on GitHub
  In-memory hiding technique
  ☆63Jan 5, 2025Updated last year
• icyguider / LatLoader

  View on GitHub
  PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
  ☆307Dec 9, 2023Updated 2 years ago
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• michaelweber / CSharpSourceObfuscator

  View on GitHub
  A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.
  ☆99Mar 25, 2025Updated 10 months ago
• fin3ss3g0d / NativeThreadpool

  View on GitHub
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆88Feb 11, 2024Updated 2 years ago
• FatRodzianko / Get-Writable

  View on GitHub
  Find world writable directories that contain a .exe or .dll file
  ☆13Aug 31, 2021Updated 4 years ago