icyguider/LightsOut

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/icyguider/LightsOut)

icyguider / LightsOut

Generate an obfuscated DLL that will disable AMSI & ETW

☆330

Alternatives and similar repositories for LightsOut

Users that are interested in LightsOut are comparing it to the libraries listed below

Sorting:

S3cur3Th1sSh1t / Ruy-Lopez
View on GitHub
☆319Jun 28, 2023Updated 2 years ago
Octoberfest7 / DropSpawn_BOF
View on GitHub
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
☆285Jun 8, 2023Updated 2 years ago
florylsk / RecycledInjector
View on GitHub
Native Syscalls Shellcode Injector
☆266Jul 2, 2023Updated 2 years ago
CognisysGroup / HadesLdr
View on GitHub
Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
☆293Jul 15, 2023Updated 2 years ago
florylsk / SignatureGate
View on GitHub
Weaponized HellsGate/SigFlip
☆203Jun 7, 2023Updated 2 years ago
dr4k0nia / NixImports
View on GitHub
A .NET malware loader, using API-Hashing to evade static analysis
☆210May 30, 2023Updated 2 years ago
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆779Jan 26, 2026Updated last month
georgesotiriadis / Chimera
View on GitHub
Automated DLL Sideloading Tool With EDR Evasion Capabilities
☆505Dec 19, 2023Updated 2 years ago
leftp / DPAPISnoop
View on GitHub
A C# tool to output crackable DPAPI hashes from user MasterKeys
☆140Sep 14, 2024Updated last year
f1zm0 / acheron
View on GitHub
indirect syscalls for AV/EDR evasion in Go assembly
☆374Jun 13, 2023Updated 2 years ago
passthehashbrowns / BOFMask
View on GitHub
☆125Jun 28, 2023Updated 2 years ago
mertdas / SharpTerminator
View on GitHub
Terminate AV/EDR Processes using kernel driver
☆352Jun 12, 2023Updated 2 years ago
grimlockx / ADCSKiller
View on GitHub
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
☆738May 19, 2023Updated 2 years ago
Dec0ne / DavRelayUp
View on GitHub
DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
☆568Jun 5, 2023Updated 2 years ago
ZeroMemoryEx / Blackout
View on GitHub
kill anti-malware protected processes ( BYOVD )
☆968Jul 21, 2023Updated 2 years ago
optiv / Freeze.rs
View on GitHub
Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
☆721Aug 18, 2023Updated 2 years ago
x0reaxeax / PageSplit
View on GitHub
Splitting and executing shellcode across multiple pages
☆103Jun 8, 2023Updated 2 years ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆434Dec 21, 2023Updated 2 years ago
kleiton0x00 / Proxy-DLL-Loads
View on GitHub
A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
☆411Jan 11, 2026Updated last month
lem0nSec / ShellGhost
View on GitHub
A memory-based evasion technique which makes shellcode invisible from process start to end.
☆1,198Oct 16, 2023Updated 2 years ago
optiv / Freeze
View on GitHub
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
☆1,470Aug 18, 2023Updated 2 years ago
BlackSnufkin / NovaLdr
View on GitHub
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
☆261Jun 29, 2024Updated last year
WKL-Sec / HiddenDesktop
View on GitHub
HVNC for Cobalt Strike
☆1,301Dec 7, 2023Updated 2 years ago
wh0amitz / S4UTomato
View on GitHub
Escalate Service Account To LocalSystem via Kerberos
☆403Sep 14, 2023Updated 2 years ago
Mr-Un1k0d3r / Cookie-and-Handle-Stealer
View on GitHub
C or BOF file to extract WebKit master key to decrypt user cookie
☆207Apr 29, 2024Updated last year
namazso / MagicSigner
View on GitHub
Signtool for expired certificates
☆515Jun 10, 2023Updated 2 years ago
SaadAhla / TakeMyRDP
View on GitHub
A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing i…
☆398Aug 2, 2023Updated 2 years ago
wh0amitz / KRBUACBypass
View on GitHub
UAC Bypass By Abusing Kerberos Tickets
☆508Aug 10, 2023Updated 2 years ago
zblurx / certsync
View on GitHub
Dump NTDS with golden certificates and UnPAC the hash
☆647Mar 20, 2024Updated last year
Accenture / Spartacus
View on GitHub
Spartacus DLL/COM Hijacking Toolkit
☆1,083Feb 1, 2024Updated 2 years ago
x42en / sysplant
View on GitHub
Your syscall factory
☆126Jan 13, 2026Updated last month
nettitude / ETWHash
View on GitHub
C# POC to extract NetNTLMv1/v2 hashes from ETW provider
☆258May 10, 2023Updated 2 years ago
CodeXTF2 / WindowSpy
View on GitHub
WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
☆281Feb 24, 2025Updated last year
Octoberfest7 / MemFiles
View on GitHub
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
☆473Jul 6, 2024Updated last year
YOLOP0wn / POSTDump
View on GitHub
☆341Nov 10, 2025Updated 3 months ago
mgeeky / ProtectMyTooling
View on GitHub
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts wa…
☆1,051Oct 14, 2025Updated 4 months ago
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆675Aug 15, 2025Updated 6 months ago
Accenture / Codecepticon
View on GitHub
.NET/PowerShell/VBA Offensive Security Obfuscator
☆517Feb 1, 2024Updated 2 years ago
f1zm0 / hades
View on GitHub
Go shellcode loader that combines multiple evasion techniques
☆389Jun 21, 2023Updated 2 years ago