Alternatives and similar repositories for JonMon-Lite

Users that are interested in JonMon-Lite are comparing it to the libraries listed below

• eversinc33 / drvtrace

  View on GitHub
  WinDbg plugin to trace module transitions from a debugged driver.
  ☆40Dec 22, 2025Updated last month
• rxOred / process-hollowing

  View on GitHub
  process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
  ☆31Jan 9, 2022Updated 4 years ago
• TROUBLE-1 / AzDevRecon

  View on GitHub
  AzDevRecon is a powerful web-based enumeration tool for offensive security professionals, red teamers, and pentesters targeting Azure Dev…
  ☆25Oct 13, 2025Updated 4 months ago
• leftp / SharpPXE

  View on GitHub
  A C# tool for extracting information from SCCM PXE boot media.
  ☆45Jan 14, 2026Updated last month
• kypvas / LDIFToBloodHound

  View on GitHub
  A Windows tool that converts LDIF files to BloodHound CE
  ☆25Dec 20, 2025Updated last month
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated 11 months ago
• logangoins / BadTakeover-BOF

  View on GitHub
  Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
  ☆85Oct 20, 2025Updated 3 months ago
• deepinstinct / AMSI-Unchained

  View on GitHub
  Unchain AMSI by patching the provider’s unmonitored memory space
  ☆91Nov 24, 2022Updated 3 years ago
• artemy-ccrsky / DecryptRecoveryLAPS_RPC

  View on GitHub
  A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.
  ☆29Jun 9, 2025Updated 8 months ago
• rbmm / SC_DEMO

  View on GitHub
  ☆125Dec 12, 2025Updated 2 months ago
• MaorSabag / impacket-jump

  View on GitHub
  Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service load…
  ☆119Dec 7, 2025Updated 2 months ago
• LuemmelSec / AD-Ghost

  View on GitHub
  ☆55Nov 18, 2025Updated 2 months ago
• duhirsch / MoveEdr

  View on GitHub
  Permanently disable EDRs as local admin
  ☆125Dec 19, 2025Updated last month
• S3cur3Th1sSh1t / SharpUnhooker

  View on GitHub
  C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll,kernel32.dll,user32.dll,and kernelbase.dll)
  ☆25Mar 7, 2023Updated 2 years ago
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆183Jan 17, 2026Updated 3 weeks ago
• V-i-x-x / win11-kernel-execution-syscall-hijack

  View on GitHub
  Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)
  ☆57Jun 15, 2025Updated 8 months ago
• amberchalia / fraction_loader

  View on GitHub
  ☆48Oct 14, 2025Updated 4 months ago
• buldansec / EnableEFS

  View on GitHub
  Enable EFS service as low priv user (PE & BOF)
  ☆21Jul 6, 2025Updated 7 months ago
• Octoberfest7 / ThreadCPUAssignment_POC

  View on GitHub
  A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread
  ☆30Sep 24, 2025Updated 4 months ago
• 22XploiterCrew-Team / Hash-Cracking

  View on GitHub
  CRACK AND CHECK HASH TYPES IN BULK
  ☆13Jul 28, 2021Updated 4 years ago
• dobin / detonator

  View on GitHub
  Orchestrate detonating your MalDev in VMs with different EDRs to see their detection surface.
  ☆22Jan 30, 2026Updated 2 weeks ago
• mochabyte0x / TrampoLatte

  View on GitHub
  A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
  ☆18Jun 26, 2025Updated 7 months ago
• dmcxblue / WSL-Payloads

  View on GitHub
  A small How-To on creating your own weaponized WSL file
  ☆119Jul 23, 2025Updated 6 months ago
• EvilBytecode / ExitPatcher

  View on GitHub
  Prevent in-process process termination by patching exit APIs
  ☆63Nov 9, 2025Updated 3 months ago
• pathtofile / SealighterTI

  View on GitHub
  Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
  ☆197Dec 6, 2022Updated 3 years ago
• t3hbb / citrixphishlet

  View on GitHub
  Citrix Phishlet
  ☆24Feb 2, 2021Updated 5 years ago
• JCSteiner / Emperor-Public

  View on GitHub
  Payload Generation Workflow
  ☆40Jul 18, 2025Updated 6 months ago
• patrickt2017 / VEHNetLoader

  View on GitHub
  Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
  ☆50Jul 6, 2025Updated 7 months ago
• MythicAgents / Kharon-Mtc

  View on GitHub
  C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…
  ☆196Dec 30, 2025Updated last month
• ZephrFish / PurpleTeamWorkshop-LabManual

  View on GitHub
  Purple Team Workshop by @jorgeorchilles
  ☆12Apr 26, 2025Updated 9 months ago
• 0xTriboulet / emerald_template

  View on GitHub
  A cmake template for crystal palace
  ☆38Dec 20, 2025Updated last month
• Fudgedotdotdot / nimpersonate

  View on GitHub
  Impersonate Windows tokens in Nim
  ☆23Aug 4, 2025Updated 6 months ago
• dgros / Malware_Analyzer

  View on GitHub
  Framework complet d'analyse de malware
  ☆12Feb 22, 2016Updated 9 years ago
• CyberCX-STA / Peep

  View on GitHub
  A tool designed to hook into Windows applications and output named (and anonymous?) pipe traffic.
  ☆14Feb 27, 2024Updated last year
• racoten / CannonLoader

  View on GitHub
  Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs
  ☆23Jul 11, 2025Updated 7 months ago
• ic3qu33n / REcon2024-GOP-Complex

  View on GitHub
  REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev""
  ☆14Mar 31, 2025Updated 10 months ago
• garrettfoster13 / scomhunter

  View on GitHub
  ☆31Updated this week
• gam4er / SneakyRun

  View on GitHub
  Some stuff for PHD2021
  ☆14May 21, 2025Updated 8 months ago
• garrettfoster13 / CVE-2025-59501

  View on GitHub
  CVE-2025-59501 POC code
  ☆25Nov 20, 2025Updated 2 months ago