Alternatives and similar repositories for WatchDogKiller

Users that are interested in WatchDogKiller are comparing it to the libraries listed below

• 0xTriboulet / ai-postex

  View on GitHub
  Proof-of-concept implementation of AI-enabled postex DLLs
  ☆54Sep 10, 2025Updated 5 months ago
• Shrfnt77 / AmsiBypass

  View on GitHub
  Bypassing Amsi using LdrLoadDll
  ☆47Jan 8, 2025Updated last year
• dis0rder0x00 / obex

  View on GitHub
  Obex – Blocking unwanted DLLs in user mode
  ☆280Sep 18, 2025Updated 4 months ago
• ANYLNK / NSecSoftBYOVD

  View on GitHub
  NSecSoftBYOVD POC
  ☆55Updated this week
• zero2504 / EDR-GhostLocker

  View on GitHub
  AppLocker-Based EDR Neutralization
  ☆302Dec 19, 2025Updated last month
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆772Jan 26, 2026Updated 2 weeks ago
• duhirsch / MoveEdr

  View on GitHub
  Permanently disable EDRs as local admin
  ☆125Dec 19, 2025Updated last month
• R41N3RZUF477 / QuickAssist_UAC_Bypass

  View on GitHub
  UAC Bypass using UIAccess program QuickAssist
  ☆208Nov 30, 2025Updated 2 months ago
• kr0tt / EarlyExceptionHandling

  View on GitHub
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆136Aug 31, 2025Updated 5 months ago
• Leo4j / PPLKiller

  View on GitHub
  Tool to bypass LSA Protection (aka Protected Process Light)
  ☆64Jan 2, 2025Updated last year
• rasta-mouse / Crystal-Loaders

  View on GitHub
  A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
  ☆184Oct 29, 2025Updated 3 months ago
• TwoSevenOneT / WSASS

  View on GitHub
  This is the tool to dump the LSASS process on modern Windows 11
  ☆555Nov 1, 2025Updated 3 months ago
• Shac0x / Wonka

  View on GitHub
  Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but fo…
  ☆164Oct 21, 2025Updated 3 months ago
• Meckazin / ChromeKatz

  View on GitHub
  Dump cookies and credentials directly from Chrome/Edge process memory
  ☆1,401Jan 19, 2026Updated 3 weeks ago
• zero2504 / COMouflage

  View on GitHub
  COM-based DLL Surrogate Injection
  ☆140Dec 9, 2025Updated 2 months ago
• rasta-mouse / LibTP

  View on GitHub
  Crystal Palace library for proxying Nt API calls via the Threadpool
  ☆97Oct 18, 2025Updated 3 months ago
• Kudaes / Elevator

  View on GitHub
  UAC bypass by abusing RPC and debug objects.
  ☆629Oct 19, 2023Updated 2 years ago
• TwoSevenOneT / EDR-Freeze

  View on GitHub
  EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
  ☆801Nov 1, 2025Updated 3 months ago
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆432Dec 21, 2023Updated 2 years ago
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆404Sep 6, 2024Updated last year
• SpiralBL0CK / CVE-2024-40431-CVE-2022-25479-EOP-CHAIN

  View on GitHub
  CVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK)
  ☆45Oct 16, 2024Updated last year
• scrt / KexecDDPlus

  View on GitHub
  Exploiting the KsecDD Windows driver through Server Silos
  ☆76Nov 11, 2024Updated last year
• BlackSnufkin / NovaLdr

  View on GitHub
  Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
  ☆259Jun 29, 2024Updated last year
• boku7 / Loki

  View on GitHub
  🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
  ☆1,290Jun 17, 2025Updated 7 months ago
• rasta-mouse / process-inject-kit

  View on GitHub
  Port of Cobalt Strike's Process Inject Kit
  ☆190Dec 1, 2024Updated last year
• rad9800 / BootExecuteEDR

  View on GitHub
  ☆409Dec 8, 2024Updated last year
• antroguy / GetAccessTokenWithSSOCookie

  View on GitHub
  ☆50Jun 4, 2025Updated 8 months ago
• EduContin / hidden-vnc

  View on GitHub
  HVNC PoC (Hidden VNC) in Rust
  ☆38Sep 2, 2025Updated 5 months ago
• nex121 / RuoyiGui

  View on GitHub
  ☆25Dec 13, 2024Updated last year
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆671Aug 15, 2025Updated 6 months ago
• quarkslab / proxyblob

  View on GitHub
  SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
  ☆287Apr 29, 2025Updated 9 months ago
• logangoins / Krueger

  View on GitHub
  Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC
  ☆418Sep 29, 2025Updated 4 months ago
• AlteredSecurity / Disable-TamperProtection

  View on GitHub
  A POC to disable TamperProtection and other Defender / MDE components
  ☆253Jun 6, 2024Updated last year
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆199Apr 21, 2025Updated 9 months ago
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆718Jul 19, 2023Updated 2 years ago
• ricardojoserf / NativeDump

  View on GitHub
  Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
  ☆698May 7, 2025Updated 9 months ago
• helviojunior / hookchain

  View on GitHub
  HookChain: A new perspective for Bypassing EDR Solutions
  ☆589Jan 5, 2025Updated last year
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆609Jan 2, 2025Updated last year
• safedv / RustiveDump

  View on GitHub
  LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…
  ☆381Apr 26, 2025Updated 9 months ago