Alternatives and similar repositories for go-ntdll:

Users that are interested in go-ntdll are comparing it to the libraries listed below

• zaneGittins / go-inject
  Process injection techniques written in Go.
  ☆62Updated last year
• capt-meelo / NtCreateUserProcess
  Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
  ☆134Updated 2 years ago
• Ne0nd0g / go-clr
  A PoC package for hosting the CLR and executing .NET from Go
  ☆71Updated 8 months ago
• timwhitez / Doge-sRDI
  Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode
  ☆59Updated 4 years ago
• aus / gopherheaven
  Go implementation of the Heaven's Gate technique
  ☆97Updated 4 years ago
• NaniteFactory / dllmain
  WinAPI DllMain() and its hook in Golang. To build & run in bash: $ make
  ☆22Updated 6 years ago
• Ne0nd0g / winhttp
  A library to make HTTP requests with the Windows winhttp API
  ☆23Updated last year
• Hagrid29 / BYOVDKit
  bring your own vulnerable driver
  ☆92Updated last year
• neox41 / go-procinject
  Process Injection Techniques with Golang
  ☆76Updated 4 years ago
• 0xlane / process_ghosting
  ProcessGhosting 技术的 rust 实现版本
  ☆25Updated 5 months ago
• xenoscr / manual-syscall-detect
  A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
  ☆109Updated 3 years ago
• janoglezcampos / c_syscalls
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆133Updated 2 years ago
• MahmoudZohdy / APICallProxy
  Windows API Call Obfuscation
  ☆99Updated 2 years ago
• ayoul3 / reflect-pe
  Reflectively load PE
  ☆102Updated 4 years ago
• NUL0x4C / ManualRsrcDataFetching
  Get your data from the resource section manually, with no need for windows apis
  ☆59Updated 5 months ago
• EvanMcBroom / perfect-loader
  Load a dynamic library from memory by modifying the native Windows loader
  ☆211Updated 2 months ago
• trickster0 / LdrLoadDll-Unhooking
  LdrLoadDll Unhooking
  ☆129Updated 3 years ago
• abdullah2993 / go-runpe
  execute a PE in the address space of another PE aka process hollowing
  ☆55Updated 3 years ago
• moloch-- / memmod
  Fork of Wireguard's Memmod
  ☆16Updated 2 years ago
• SECFORCE / DLL-Hollow-PoC
  DLL Hollowing PoC - Remote and Self shellcode injection
  ☆78Updated 3 years ago
• Jhangju / goLang-injectors
  This project will guide yout to awareness of injection in almost every window API and process.
  ☆24Updated 3 years ago
• elastic / PPLGuard
  ☆69Updated last month
• Enelg52 / Backpack
  Golang packer that use process hollowing
  ☆17Updated 2 years ago
• fortra / hw-call-stack
  Use hardware breakpoints to spoof the call stack for both syscalls and API calls
  ☆190Updated 9 months ago
• listinvest / undonut
  Unpacker for donut shellcode
  ☆17Updated 4 years ago
• jdu2600 / EtwTi-FluctuationMonitor
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆118Updated last year
• Ne0nd0g / go-coff
  Load and execute a common object file format (COFF) in the current process
  ☆28Updated last year
• lesnuages / go-execute-assembly
  Allow a Go process to dynamically load .NET assemblies
  ☆148Updated 5 years ago
• Hagrid29 / RemotePatcher
  Patch AMSI and ETW in remote process via direct syscall
  ☆81Updated 2 years ago
• NUL0x4C / EtwSessionHijacking
  A Poc on blocking Procmon from monitoring network events
  ☆100Updated 2 years ago