Alternatives and similar repositories for windows-sandbox-init

Users that are interested in windows-sandbox-init are comparing it to the libraries listed below

• dhmosfunk / 7-Zip-CVE-2025-0411-POC
  This repository contains POC scenarios as part of CVE-2025-0411 MotW bypass.
  ☆147Updated 8 months ago
• ynwarcs / CVE-2025-21298
  Proof of concept & details for CVE-2025-21298
  ☆191Updated 9 months ago
• flostyen / windows-persistence
  Windows Persistence IT-Security
  ☆106Updated 8 months ago
• DarkSpaceSecurity / SSH-Stealer
  Smart keylogging capability to steal SSH Credentials including password & Private Key
  ☆146Updated 7 months ago
• Network-Sec / CVE-2025-21420-PoC
  We found a way to DLL sideload with cleanmgr.exe
  ☆95Updated 8 months ago
• pacbypass / CVE-2025-11001
  Exploit for CVE-2025-11001 or CVE-2025-11002
  ☆100Updated last week
• SaadAhla / dark-kill
  A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Cal…
  ☆238Updated 5 months ago
• ElJaviLuki / CobaltStrike_OpenBeacon
  Fully functional, from-scratch alternative to the Cobalt Strike Beacon (red teaming tool), offering transparency and flexibility for secu…
  ☆250Updated last year
• Immersive-Labs-Sec / SliverC2-Forensics
  A collection of tools and detections for the Sliver C2 Frameworj
  ☆132Updated 2 years ago
• trickster0 / NamelessC2
  Nameless C2 - A C2 with all its components written in Rust
  ☆278Updated last year
• 0xJs / EnumEDRs
  Enumerate active EDR's on the system
  ☆144Updated last month
• m417z / CVE-2023-36003-POC
  Privilege escalation using the XAML diagnostics API (CVE-2023-36003)
  ☆94Updated last year
• OtterHacker / Conferences
  ☆327Updated last month
• Wh04m1001 / CVE-2024-20656
  ☆137Updated last year
• Wh04m1001 / CVE-2025-48799
  ☆253Updated 4 months ago
• 0xJs / BlockEDRTraffic
  Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows …
  ☆251Updated last month
• sfewer-r7 / CVE-2025-22457
  PoC for CVE-2025-22457
  ☆70Updated 6 months ago
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆139Updated last year
• Dump-GUY / EXE-or-DLL-or-ShellCode
  Just a simple silly PoC demonstrating executable "exe" file that can be used like exe, dll or shellcode...
  ☆171Updated last year
• PeterGabaldon / CVE-2024-7479_CVE-2024-7481
  TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.
  ☆135Updated 10 months ago
• DevBuiHieu / CVE-2025-33053-Proof-Of-Concept
  CVE-2025-33053 Proof Of Concept (PoC)
  ☆60Updated 4 months ago
• Maldev-Academy / Alphabetfuscation
  Convert your shellcode into an ASCII string
  ☆124Updated 4 months ago
• Azr43lKn1ght / Rusty-PE-Packer
  ☆33Updated 10 months ago
• 0xdea / blindsight
  Red teaming tool to dump LSASS memory, bypassing basic countermeasures.
  ☆240Updated last week
• MatheuZSecurity / ElfDoor-gcc
  ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
  ☆130Updated 7 months ago
• ricardojoserf / WhoamiAlternatives
  Different methods to get current username without using whoami
  ☆181Updated last year
• passtheticket / CVE-2024-38200
  CVE-2024-38200 & CVE-2024-43609 - Microsoft Office NTLMv2 Disclosure Vulnerability
  ☆145Updated 10 months ago
• MatheuZSecurity / RingReaper
  Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.
  ☆345Updated 2 months ago
• EgeBalci / evilreplay
  Seamless remote browser session control
  ☆218Updated 4 months ago
• lolc2 / lolc2.github.io
  lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection
  ☆248Updated 5 months ago