Alternatives and similar repositories for Nimhawk

Users that are interested in Nimhawk are comparing it to the libraries listed below

• 0xsch1zo / NullGate
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆152Updated last week
• safedv / RustSoliloquy
  A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and …
  ☆168Updated 3 months ago
• andreisss / Ghosting-AMSI
  Ghosting-AMSI
  ☆207Updated 3 months ago
• gsmith257-cyber / better-sliver
  Adversary Emulation Framework
  ☆121Updated last month
• NtDallas / Svartalfheim
  Stage 0
  ☆163Updated 7 months ago
• 0xthirteen / Carseat
  Python implementation of GhostPack's Seatbelt situational awareness tool
  ☆263Updated 8 months ago
• RedSiege / Jigsaw
  Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
  ☆197Updated 4 months ago
• som3canadian / Cloudflare-Redirector
  Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.
  ☆172Updated 4 months ago
• cybersectroll / TrollAMSI
  ☆181Updated last month
• Offensive-Panda / LsassReflectDumping
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆204Updated 9 months ago
• rad9800 / byor
  ☆143Updated last month
• 0xsp-SRD / MDE_Enum
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆204Updated last year
• fin3ss3g0d / StoneKeeper
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆206Updated 7 months ago
• ZERODETECTION / MSC_Dropper
  ☆189Updated last year
• Octoberfest7 / Secure_Stager
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆190Updated 8 months ago
• rtecCyberSec / BitlockMove
  Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
  ☆317Updated last month
• Hacker-Hermanos / C2_INFRA_WORKSHOP_DEFCON32_RED_TEAM_VILLAGE
  C2 Infrastructure Automation
  ☆108Updated last month
• boku7 / StringReaper
  Reaping treasures from strings in remote processes memory
  ☆266Updated 6 months ago
• badsectorlabs / ludus_adaptix_c2
  An Ansible role that install the Adaptix C2 server and/or client on Debian based hosts
  ☆163Updated 2 months ago
• Octoberfest7 / zip_smuggling
  Python3 utility for creating zip files that smuggle additional data for later extraction
  ☆251Updated 2 months ago
• Leo4j / Invoke-SMBRemoting
  Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
  ☆174Updated 2 months ago
• Thunter-HackTeam / EvilentCoerce
  ☆144Updated 3 months ago
• boku7 / patchwerk
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆186Updated 6 months ago
• 0xNinjaCyclone / EarlyCascade
  A PoC for Early Cascade process injection technique.
  ☆189Updated 6 months ago
• rvrsh3ll / Bolthole
  Dig your way out of networks like a Meerkat using SSH tunnels via ClickOnce.
  ☆213Updated 3 months ago
• TheManticoreProject / Delegations
  A tool to work with all types of Kerberos delegations (unconstrained, constrained, and resource-based constrained delegations) in Active …
  ☆201Updated last month
• Diverto / IPPrintC2
  PoC for using MS Windows printers for persistence / command and control via Internet Printing
  ☆147Updated last year
• 0xdea / blindsight
  Red teaming tool to dump LSASS memory, bypassing basic countermeasures.
  ☆229Updated 7 months ago
• NeffIsBack / wsuks
  Automating the MITM attack on WSUS
  ☆259Updated last month
• SaadAhla / dark-kill
  A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Cal…
  ☆204Updated 2 months ago