Alternatives and similar repositories for safe_duck

Users that are interested in safe_duck are comparing it to the libraries listed below

• huoji120 / numen
  简单安排一下 autochk.sys 这个rootkit
  ☆72Updated 2 years ago
• 1013503897 / port_resue
  Linux下应用层注入/hook技术实现端口复用
  ☆1Updated 4 years ago
• y11en / babysc
  自用的shellcode生成框架
  ☆32Updated 2 years ago
• WBGlIl / ReflectiveDLL_Patch
  ☆37Updated 5 years ago
• howmp / CobaltStrikeDetect
  CobaltStrikeDetect
  ☆49Updated last month
• ac0d3r / 0xpe
  [windows]pe -> shellcode -> shellcodeLoader -> (pe2shellcode go on?)
  ☆77Updated 3 years ago
• crisprss / ProcessPlayer
  一些进程注入或者Shellcode注入的实例代码，用于练习和熟悉
  ☆18Updated 3 years ago
• crisprss / Extracted_WD_VDM
  Windows Defender VDM lua collections
  ☆47Updated 2 years ago
• huoji120 / DuckSandboxDetect
  沙箱测试,测评国内常见沙箱的代码与结论
  ☆102Updated 4 years ago
• huoji120 / DuckSysEye
  SysEye是一个window上的基于att&ck现代EDR设计思想的威胁响应工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
  ☆63Updated 2 years ago
• scareing / UAC_wenpon
  UAC_wenpon
  ☆49Updated 3 years ago
• huoji120 / sleep_duck_eye
  Stack integrity verification to Detect SleepMask or CallStack Spoofer
  ☆33Updated 3 weeks ago
• NPC2000 / elf_to_shellcode
  将任何 elf 或命令转换为 shellcode
  ☆17Updated last year
• fuluke / Kdmapper-Bypass360
  过360拦截加载无驱动签名
  ☆60Updated 3 years ago
• huoji120 / APT_Step_Bear_Inject
  复现《EDR的梦魇：Storm-0978使用新型内核注入技术“Step Bear”》
  ☆138Updated 9 months ago
• v0id-re / go-smash
  Obfuscate go binaries. 混淆 go 二进制文件中的函数名
  ☆50Updated 3 years ago
• merlinxcy / memory_execute_golang_elf
  内存加载执行golang elf二进制文件
  ☆28Updated 3 years ago
• Neo-Maoku / Shellcode_Generator
  IDA Python script for generating Windows x86 shellcode with one click
  ☆37Updated 2 years ago
• 0xTalShang / WindowsKernel
  windwos内核研究与驱动Code
  ☆65Updated 3 years ago
• theSecHunter / Hades-Linux
  Hades is a Host-Based Intrusion Detection System based on both eBPF(kernel) and netlink/cn_proc(userspace).
  ☆24Updated 7 months ago
• rootkiter / IDA_Go_Recovery
  IDA7.6/IDA7.7 + Python3 下，Go 可执行文件的符号恢复脚本。已适配 Go1.2/Go1.16/Go1.18/Go1.20
  ☆31Updated 9 months ago
• Ryze-T / EdrKiller
  ☆91Updated 4 years ago
• evilashz / FRP-0.38-DomainFronting
  域前置版本FRP
  ☆15Updated 2 years ago
• idiotc4t / ProcessHollow
  ☆21Updated 5 years ago
• 9bie / exe2shellcode
  Remote Download and Memory Execute for shellcode framework
  ☆92Updated 2 years ago
• izj007 / CrackSleeve
  cs4.0 cs 4.1 beacon加解密
  ☆25Updated 4 years ago
• cbwang505 / poolfengshui
  笔者的在原作者池风水利用工具(以下简称工具)基础上进行二次开发,新增了全自动获取内核调试模块符号的偏移量及配置参数和不同漏洞利用方式优化等功能, 解决了不同Windows版本适配问题,工具包括适配驱动和利用程序两部分组成,实现了在Windows 10 19H1之后任意版本包…
  ☆77Updated 3 years ago
• y11en / schtask-bypass
  免杀计划任务进行权限维持，过主流杀软。 A schtask tool bypass anti-virus
  ☆68Updated 2 years ago
• y11en / BabyBypass
  看起来叫BabyBypass，实际啥都会记一些
  ☆16Updated last year
• Sndav / coffee
  Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器
  ☆62Updated last year