Alternatives and similar repositories for exe_to_dll

Users that are interested in exe_to_dll are comparing it to the libraries listed below

• hasherezade / dll_to_exe

  View on GitHub
  Converts a DLL into EXE
  ☆820Jul 23, 2023Updated 2 years ago
• hasherezade / pe_to_shellcode

  View on GitHub
  Converts PE into a shellcode
  ☆2,734Aug 30, 2025Updated 5 months ago
• phra / PEzor

  View on GitHub
  Open-Source Shellcode & PE Packer
  ☆2,063Feb 3, 2024Updated 2 years ago
• med0x2e / SigFlip

  View on GitHub
  SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
  ☆1,253Aug 27, 2023Updated 2 years ago
• jthuraisamy / SysWhispers2

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,789Sep 3, 2022Updated 3 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,004Jun 4, 2024Updated last year
• CCob / SharpBlock

  View on GitHub
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,164Mar 31, 2021Updated 4 years ago
• daem0nc0re / TangledWinExec

  View on GitHub
  PoCs and tools for investigation of Windows process execution techniques
  ☆953Feb 2, 2026Updated last week
• TheWover / donut

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆4,452Jul 8, 2025Updated 7 months ago
• nettitude / RunPE

  View on GitHub
  C# Reflective loader for unmanaged binaries.
  ☆447Jan 25, 2023Updated 3 years ago
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,199Oct 16, 2023Updated 2 years ago
• WKL-Sec / HiddenDesktop

  View on GitHub
  HVNC for Cobalt Strike
  ☆1,297Dec 7, 2023Updated 2 years ago
• monoxgas / sRDI

  View on GitHub
  Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
  ☆2,497Nov 15, 2023Updated 2 years ago
• 0x09AL / RdpThief

  View on GitHub
  Extracting Clear Text Passwords from mstsc.exe using API Hooking.
  ☆1,422Jul 20, 2024Updated last year
• jthuraisamy / SysWhispers

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,985Jan 1, 2023Updated 3 years ago
• Octoberfest7 / Inline-Execute-PE

  View on GitHub
  Execute unmanaged Windows executables in CobaltStrike Beacons
  ☆714Mar 4, 2023Updated 2 years ago
• aahmad097 / AlternativeShellcodeExec

  View on GitHub
  Alternative Shellcode Execution Via Callbacks
  ☆1,696Nov 11, 2022Updated 3 years ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆682Mar 11, 2024Updated last year
• outflanknl / Dumpert

  View on GitHub
  LSASS memory dumper using direct system calls and API unhooking.
  ☆1,577Jan 5, 2021Updated 5 years ago
• CCob / ThreadlessInject

  View on GitHub
  Threadless Process Injection using remote function hooking.
  ☆808Sep 4, 2024Updated last year
• boku7 / BokuLoader

  View on GitHub
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆1,398Nov 22, 2023Updated 2 years ago
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,294Mar 21, 2025Updated 10 months ago
• med0x2e / ExecuteAssembly

  View on GitHub
  Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…
  ☆595Jul 26, 2021Updated 4 years ago
• ZeroMemoryEx / Terminator

  View on GitHub
  Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
  ☆1,040Jun 20, 2023Updated 2 years ago
• Mr-Un1k0d3r / SCShell

  View on GitHub
  Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  ☆1,594Jul 10, 2023Updated 2 years ago
• G0ldenGunSec / SharpSecDump

  View on GitHub
  .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
  ☆610Feb 16, 2023Updated 2 years ago
• fortra / nanodump

  View on GitHub
  The swiss army knife of LSASS dumping
  ☆2,069Sep 17, 2024Updated last year
• SaadAhla / FilelessPELoader

  View on GitHub
  Loading Remote AES Encrypted PE in memory , Decrypted it and run it
  ☆1,021Aug 29, 2023Updated 2 years ago
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• aaaddress1 / RunPE-In-Memory

  View on GitHub
  Run a Exe File (PE Module) in memory (like an Application Loader)
  ☆937Mar 28, 2021Updated 4 years ago
• icyguider / Shhhloader

  View on GitHub
  Syscall Shellcode Loader (Work in Progress)
  ☆1,257May 8, 2024Updated last year
• trustedsec / COFFLoader

  View on GitHub
  ☆612Jul 21, 2025Updated 6 months ago
• Flangvik / NetLoader

  View on GitHub
  Loads any C# binary in mem, patching AMSI + ETW.
  ☆839Oct 3, 2021Updated 4 years ago
• weak1337 / Alcatraz

  View on GitHub
  x64 binary obfuscator
  ☆1,958Jul 14, 2023Updated 2 years ago
• Cracked5pider / Ekko

  View on GitHub
  Sleep Obfuscation
  ☆814Dec 3, 2023Updated 2 years ago
• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆970Jul 21, 2023Updated 2 years ago
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,323Oct 31, 2025Updated 3 months ago
• ajpc500 / BOFs

  View on GitHub
  Collection of Beacon Object Files
  ☆633Nov 1, 2022Updated 3 years ago
• antonioCoco / RoguePotato

  View on GitHub
  Another Windows Local Privilege Escalation from Service Account to System
  ☆1,148Jan 9, 2021Updated 5 years ago