Alternatives and similar repositories for snc

Users that are interested in snc are comparing it to the libraries listed below

• brosck / Frosty
  「🧊」Ring 3 Rootkit for Windows 10
  ☆57Updated 7 months ago
• MatheuZSecurity / UnhookingLinuxEdr
  Attacking the cleanup_module function of a kernel module
  ☆37Updated 2 weeks ago
• xalicex / LOLDrivers_finder
  ☆86Updated last year
• ZeroMemoryEx / Bypass-Sandbox-Evasion
  Bypass Malware Sandbox Evasion Ram check
  ☆137Updated 2 years ago
• eversinc33 / GpuDecryptShellcode
  XOR decrypting shellcode using the GPU with OpenCL.
  ☆100Updated last month
• raykaryshyn / FakeTLS
  Client/server code that impersonates TLS 1.3 to disguise C2 activity.
  ☆70Updated 2 years ago
• ZeroMemoryEx / Overlord
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆83Updated 2 years ago
• waawaa / breakcyserver
  ☆50Updated 2 years ago
• PACHAKUTlQ / ThreatCheck
  A malware-analysis tool that identify the exact position and details of malicious content in binary files using external Anti-Virus scann…
  ☆28Updated last year
• ZeroMemoryEx / Tokenizer
  Kernel Mode Driver for Elevating Process Privileges
  ☆132Updated 2 years ago
• klezVirus / RpcProxyInvoke
  Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
  ☆130Updated 11 months ago
• fortra / CVE-2024-30051
  ☆121Updated 10 months ago
• dlima04 / thread-pool-injection
  PoC for thread pool based process injection in Windows.
  ☆117Updated 3 months ago
• aplyc1a / PEMemoryLoader
  Load static-compiled PE from remote server.
  ☆63Updated 3 years ago
• maliciousgroup / RDI-SRDI
  This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".
  ☆86Updated 2 years ago
• ngn13 / shrk
  LKM rootkit for modern kernels, with DNS C2 and a simple web interface
  ☆72Updated last week
• NUL0x4C / GP
  using the gpu to hide your payload
  ☆59Updated 2 years ago
• MzHmO / SymProcAddress
  Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
  ☆143Updated last year
• capt-meelo / KernelCallbackTable-Injection
  Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
  ☆128Updated 3 years ago
• WKL-Sec / FuncAddressPro
  A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
  ☆73Updated last year
• oldboy21 / SyscallMeMaybe
  Implementation of Indirect Syscall technique to pop a calc.exe
  ☆102Updated last year
• keowu / BadRentdrv2
  A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t…
  ☆98Updated 6 months ago
• WKL-Sec / StackMask
  A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
  ☆64Updated 2 years ago
• Kr0ff / WinMalDev
  Various methods of executing shellcode
  ☆71Updated 2 years ago
• kyleavery / pendulum
  Linux Sleep Obfuscation
  ☆103Updated last year
• cbrnrd / maliketh
  🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
  ☆45Updated last year
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls
  Implementing the ghostly hollowing PE injection technique using tampered syscalls.
  ☆166Updated 4 months ago
• eversinc33 / 1.6-C2
  Using the Counter Strike 1.6 RCON protocol as a C2 Channel.
  ☆81Updated 4 months ago
• boku7 / x64win-DynamicNoNull-WinExec-PopCalc-Shellcode
  64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free
  ☆62Updated 2 years ago
• RistBS / ContextMenuHijack
  Execute a payload at each right click on a file/folder in the explorer menu for persistence
  ☆174Updated 2 years ago