Alternatives and similar repositories for winfilter

Users that are interested in winfilter are comparing it to the libraries listed below

• benheise / TitanLdr
  Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
  ☆48Updated 3 years ago
• JohnWoodman / stealthInjector
  Injects shellcode into remote processes using direct syscalls
  ☆78Updated 4 years ago
• oxfemale / LogonCredentialsSteal
  LOCAL AND REMOTE HOOK msv1_0!SpAcceptCredentials from LSASS.exe and DUMP DOMAIN/LOGIN/PASSWORD IN CLEARTEXT to text file.
  ☆118Updated 5 years ago
• boku7 / halosgate-ps
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆106Updated 2 years ago
• RobinFassinaMoschiniForks / TransitionalPeriod
  Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits
  ☆28Updated 2 years ago
• RedLectroid / APIunhooker
  C++ function that will automagically unhook a specified Windows API
  ☆62Updated 4 years ago
• SolomonSklash / UnhookingPOC
  A small commented POC for removing API hooks placed by AV/EDR.
  ☆34Updated 4 years ago
• RedTeamOperations / VEH-PoC
  ☆115Updated 2 years ago
• SolomonSklash / COM-Hijacking
  An example of COM hijacking using a proxy DLL.
  ☆28Updated 3 years ago
• xalicex / Unhook-Import-Address-Table
  Piece of code to detect and remove hooks in IAT
  ☆63Updated 2 years ago
• b4rth0v5k1 / EarlyBirdNTDLL
  ☆36Updated 2 years ago
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆39Updated last year
• Cobalt-Strike / unhook-bof
  Remove API hooks from a Beacon process.
  ☆57Updated 3 years ago
• mobdk / Upsilon
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆93Updated 3 years ago
• crummie5 / Freshycalls_PoC
  A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯
  ☆40Updated 4 years ago
• asaurusrex / DoppelGate
  DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…
  ☆121Updated 3 years ago
• NVISOsecurity / Interceptor
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
  ☆123Updated 2 years ago
• outflanknl / macho-loader
  ☆80Updated 8 months ago
• passthehashbrowns / suspendedunhook
  ☆39Updated 4 years ago
• RITRedteam / nosferatu
  Windows NTLM Authentication Backdoor
  ☆15Updated 3 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• f1rehaz4rd / Watchdog
  DLL Injector as a service that watches the health of the started thread.
  ☆9Updated 5 years ago
• waldo-irc / JYang
  ☆14Updated 3 years ago
• tothi / stager_libpeconv
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆84Updated 2 years ago
• Ap3x / COFF-Loader
  A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader
  ☆48Updated last year
• Hagrid29 / herpaderply_hollowing
  Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
  ☆56Updated 2 years ago
• shogunlab / Mochi
  Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.
  ☆101Updated 3 years ago
• alfarom256 / PebLdr
  ☆15Updated 4 years ago
• RiccardoAncarani / BOFs
  Collection of Beacon Object Files (BOFs) for shells and lols
  ☆118Updated 3 years ago
• rkbennett / pybof
  Python module for running BOFs
  ☆70Updated last year