Alternatives and similar repositories for LazyHook

Users that are interested in LazyHook are comparing it to the libraries listed below

• rxOred / process-hollowing

  View on GitHub
  process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
  ☆31Jan 9, 2022Updated 4 years ago
• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 6 months ago
• tdeerenberg / InlineWhispers3

  View on GitHub
  Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
  ☆99Jul 9, 2025Updated 7 months ago
• kleiton0x00 / RtlHijack

  View on GitHub
  Alternative Read and Write primitives using Rtl* functions the unintended way.
  ☆78Aug 25, 2025Updated 5 months ago
• 0xcf80 / ShellCodeLoader_Indirect_Syscalls

  View on GitHub
  Shellcode Loader using indirect syscalls
  ☆16Jan 21, 2024Updated 2 years ago
• Teach2Breach / rust_api_demo

  View on GitHub
  various methods of making API calls
  ☆19Feb 1, 2025Updated last year
• zx0CF1 / shredder-rs

  View on GitHub
  A high-fidelity x86_64 polymorphic mutation engine focused on instruction-level fragmentation and context preservation.
  ☆109Jan 18, 2026Updated 3 weeks ago
• yamakadi / ldr

  View on GitHub
  A work in progress BOF/COFF loader in Rust
  ☆50Mar 22, 2023Updated 2 years ago
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• cybersectroll / TrollDisappearKey

  View on GitHub
  ☆51Jul 8, 2025Updated 7 months ago
• Xenov-X / csbot

  View on GitHub
  Golang Automation Framework for Cobalt Strike using the Rest API
  ☆56Dec 4, 2025Updated 2 months ago
• 0xflux / Hells-Hollow

  View on GitHub
  Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls
  ☆214Aug 31, 2025Updated 5 months ago
• EricEsquivel / OpsLoader

  View on GitHub
  A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader
  ☆45Sep 25, 2024Updated last year
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆231Feb 12, 2025Updated last year
• dmcxblue / PyObscura

  View on GitHub
  A python script that automates a C2 Profile build
  ☆48Dec 14, 2025Updated last month
• cybersectroll / TrollAMSIdotnet

  View on GitHub
  ☆16Jun 15, 2025Updated 7 months ago
• whokilleddb / funcshenanigans

  View on GitHub
  A bunch of shenanigans using functions, VEH and more
  ☆37Jun 8, 2025Updated 8 months ago
• Thunter-HackTeam / EvilentCoerce

  View on GitHub
  ☆159May 5, 2025Updated 9 months ago
• dmcxblue / AzureFunctionRedirector

  View on GitHub
  ☆50Apr 9, 2025Updated 10 months ago
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆135Apr 6, 2025Updated 10 months ago
• Bl4ckM1rror / PEAs

  View on GitHub
  ☆61Dec 15, 2023Updated 2 years ago
• redr0nin / CVE-2024-38143

  View on GitHub
  Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
  ☆24Feb 5, 2025Updated last year
• CICADA8-Research / RpcMotion

  View on GitHub
  Execute commands, in/exfiltrate files using your custom RPC Server
  ☆63Jan 13, 2026Updated last month
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆199Apr 21, 2025Updated 9 months ago
• NUL0x4C / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆61May 12, 2025Updated 9 months ago
• EgeBalci / Hook_API

  View on GitHub
  Assembly block for hooking windows API functions.
  ☆94Jul 16, 2019Updated 6 years ago
• paranoidninja / PI-Tracker

  View on GitHub
  A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback …
  ☆14Oct 21, 2024Updated last year
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆106Aug 21, 2024Updated last year
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Jan 11, 2026Updated last month
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• nbaertsch / Shrike

  View on GitHub
  Hunting and injecting RWX 'mockingjay' DLLs in pure nim
  ☆59Dec 11, 2024Updated last year
• hwbp / NTDLL-Unhook

  View on GitHub
  proper ntdll .text section unhooking via native api. unlike other unhookers this doesnt leave 2 ntdlls loaded. x86/x64/wow64 supported.
  ☆52Dec 9, 2025Updated 2 months ago
• Teach2Breach / stargate

  View on GitHub
  Locate dlls and function addresses without PEB Walk and EAT parsing
  ☆104Nov 7, 2025Updated 3 months ago
• andreisss / Living-off-the-COM-Type-Coercion-Abuse

  View on GitHub
  This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…
  ☆51May 16, 2025Updated 8 months ago
• Mr-Un1k0d3r / MsGraphFunzy

  View on GitHub
  Scripts to interact with Microsoft Graph APIs
  ☆44Nov 7, 2024Updated last year
• Cracked5pider / CodeCave

  View on GitHub
  A bunch of scripts and code i wrote.
  ☆149Nov 7, 2024Updated last year
• kas-sec / version.dll-sideloading

  View on GitHub
  sideloading PoC using onedrive.exe & version.dll
  ☆91Oct 30, 2025Updated 3 months ago
• lem0nSec / SkeletonKey

  View on GitHub
  Reproducing the SkeletonKey malware.
  ☆11Apr 6, 2024Updated last year
• 0x3rhy / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆13Feb 4, 2024Updated 2 years ago