Alternatives and similar repositories for RtlHijack

Users that are interested in RtlHijack are comparing it to the libraries listed below

• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆135Apr 6, 2025Updated 10 months ago
• Teach2Breach / snapinject_rs

  View on GitHub
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆50Jan 25, 2025Updated last year
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆38Aug 5, 2025Updated 6 months ago
• 0xTriboulet / rdll-rs

  View on GitHub
  A reflective DLL development template for the Rust programming language
  ☆113Nov 4, 2025Updated 3 months ago
• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 6 months ago
• tijme / relocatable

  View on GitHub
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆116Jan 20, 2025Updated last year
• artemy-ccrsky / DecryptRecoveryLAPS_RPC

  View on GitHub
  A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.
  ☆29Jun 9, 2025Updated 8 months ago
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆104Feb 25, 2025Updated 11 months ago
• ricardojoserf / NativeTokenImpersonate

  View on GitHub
  Impersonate Tokens using only NTAPI functions
  ☆83Apr 4, 2025Updated 10 months ago
• MythicAgents / Xenon

  View on GitHub
  A Mythic agent for Windows written in C
  ☆156Updated this week
• JayGLXR / NomadLoader

  View on GitHub
  An advanced utility for converting Windows Portable Executable (PE) files to position-independent code (PIC) shellcode. It enables execut…
  ☆63Mar 1, 2025Updated 11 months ago
• susMdT / ForsHops

  View on GitHub
  ForsHops
  ☆59Mar 25, 2025Updated 10 months ago
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• Teach2Breach / dll2shell

  View on GitHub
  converts sRDI compatible dlls to shellcode
  ☆35Jan 20, 2025Updated last year
• 0xNinjaCyclone / EarlyCascade

  View on GitHub
  A PoC for Early Cascade process injection technique.
  ☆208Jan 30, 2025Updated last year
• 0xflux / Hells-Hollow

  View on GitHub
  Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls
  ☆214Aug 31, 2025Updated 5 months ago
• safedv / Rustic64

  View on GitHub
  64-bit, position-independent implant template for Windows in Rust.
  ☆172Nov 28, 2025Updated 2 months ago
• Teach2Breach / moonwalk

  View on GitHub
  find dll base addresses without PEB WALK
  ☆157Jul 13, 2025Updated 7 months ago
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆267Dec 13, 2024Updated last year
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• Teach2Breach / stargate

  View on GitHub
  Locate dlls and function addresses without PEB Walk and EAT parsing
  ☆104Nov 7, 2025Updated 3 months ago
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆59Mar 17, 2025Updated 10 months ago
• ZephrFish / QoL-BOFs

  View on GitHub
  Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
  ☆137Dec 7, 2025Updated 2 months ago
• EvanMcBroom / sleepy

  View on GitHub
  A lexer and parser for Sleep
  ☆20May 14, 2025Updated 9 months ago
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• Teach2Breach / rpeloader

  View on GitHub
  use python on windows with full submodule support without installation
  ☆30Jan 23, 2025Updated last year
• BlackSnufkin / HolyGrail

  View on GitHub
  BYOVD hunter to help prioritize windows drivers worth manual analysis
  ☆74Aug 19, 2025Updated 5 months ago
• 0xtengu / Cloak64

  View on GitHub
  ☆48Dec 21, 2025Updated last month
• dr4ndrei / OHFFLdr

  View on GitHub
  One-header configurable C++20 COFF loader
  ☆21Jul 21, 2025Updated 6 months ago
• AlmondOffSec / DCOMRunAs

  View on GitHub
  Lateral movement with DCOM DLL hijacking
  ☆177Jul 4, 2025Updated 7 months ago
• 0xflux / Vectored-Exception-Handling-Squared

  View on GitHub
  Vectored Exception Handling Squared
  ☆29Dec 27, 2025Updated last month
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆152Mar 25, 2025Updated 10 months ago
• TwoSevenOneT / CreateProcessAsPPL

  View on GitHub
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆294Nov 1, 2025Updated 3 months ago
• Faran-17 / Hellshazzard

  View on GitHub
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆84Aug 13, 2024Updated last year
• CodeXTF2 / WebcamBOF

  View on GitHub
  Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
  ☆156Mar 26, 2025Updated 10 months ago
• Ridter / netsync

  View on GitHub
  Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.
  ☆62Feb 25, 2025Updated 11 months ago
• TwoSevenOneT / WSASS

  View on GitHub
  This is the tool to dump the LSASS process on modern Windows 11
  ☆555Nov 1, 2025Updated 3 months ago
• 0xv1n / RemoteSessionEnum

  View on GitHub
  Remotely Enumerate sessions using undocumented Windows Station APIs
  ☆118Aug 21, 2024Updated last year
• silentwarble / Hannibal

  View on GitHub
  Mythic C2 Agent written in x64 PIC C
  ☆84Jan 29, 2025Updated last year