lem0nSec/SkeletonKey external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

lem0nSec/SkeletonKey

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/lem0nSec/SkeletonKey)

Close

lem0nSec / SkeletonKeyView on GitHubMore

• External links
• Readme badge

Reproducing the SkeletonKey malware.

☆11Apr 6, 2024Updated last year

Alternatives and similar repositories for SkeletonKey

Users that are interested in SkeletonKey are comparing it to the libraries listed below

• lem0nSec / ASM_World

  View on GitHub
  Offensive Assembly code snippets.
  ☆13Jul 12, 2023Updated 2 years ago
• itaymigdal / Poshito

  View on GitHub
  Poshito is a Windows C2 over Telegram
  ☆21Oct 30, 2024Updated last year
• whokilleddb / BoosterDriver

  View on GitHub
  A step-by-step walkthrough of how to write a Client and a Driver to communicate with each other and boost the priority of a thread.
  ☆17Dec 12, 2023Updated 2 years ago
• whokilleddb / ProcReveal

  View on GitHub
  A kernel driver to get a Handle to virtually *every* process
  ☆13Jan 16, 2024Updated 2 years ago
• internetangel / OffensiveD

  View on GitHub
  Utilizing DLang For Offensive Operations.
  ☆14May 29, 2025Updated 9 months ago
• paranoidninja / PI-Tracker

  View on GitHub
  A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback …
  ☆14Oct 21, 2024Updated last year
• lem0nSec / Alcatraz

  View on GitHub
  An example of Windows self-replicating malware.
  ☆11Jan 16, 2023Updated 3 years ago
• NotoriousRebel / ConfigPersist

  View on GitHub
  Modifies machine.config for persistence after installing signed .net assembly onto GAC
  ☆13Mar 17, 2022Updated 3 years ago
• lem0nSec / KBlast

  View on GitHub
  Basic interactive Windows kernel offensive toolkit written in C
  ☆137Sep 20, 2025Updated 5 months ago
• lem0nSec / Dsebler

  View on GitHub
  Reimplementation of the KExecDD DSE bypass technique.
  ☆58Sep 7, 2024Updated last year
• milosilo / DLL-Proxy-Hijacking-Microsoft-Teams

  View on GitHub
  Tutorial covering how to discover DLLs for Hijacking and how to create proxy DLLS using Microsoft Teams as an example
  ☆16Apr 7, 2021Updated 4 years ago
• l0n3m4n / bin2shell

  View on GitHub
  Convert binaries to shellcode (C, C#, CPP, ASM, BOF loader, PS to b64)
  ☆18Jun 6, 2025Updated 8 months ago
• Bl4ckM1rror / PEAs

  View on GitHub
  ☆60Dec 15, 2023Updated 2 years ago
• fin3ss3g0d / HookFinder

  View on GitHub
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆46Jul 16, 2023Updated 2 years ago
• BC-SECURITY / IronSharpPack

  View on GitHub
  IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…
  ☆118May 2, 2024Updated last year
• nbaertsch / nimHeapEnc

  View on GitHub
  Heap encryption in Nim
  ☆20Aug 25, 2024Updated last year
• HadarShahar / process-hiders

  View on GitHub
  Hides processes from the windows task manager using IAT hooking.
  ☆22Mar 30, 2021Updated 4 years ago
• nbaertsch / AutoAppDomainHijack

  View on GitHub
  Automated .NET AppDomain hijack payload generation
  ☆129Feb 4, 2025Updated last year
• zimnyaa / nim-noload-dll-hollowing

  View on GitHub
  Unused DLL hollowing PoC in Nim
  ☆17Jan 31, 2022Updated 4 years ago
• FuzzySecurity / SAFACon-Vienna

  View on GitHub
  ☆23Apr 28, 2024Updated last year
• I3IT / Detect.Remote.ShadowSnapshot.Dump

  View on GitHub
  Detect Remote Local Credentials Dumping using a Shadow Snapshot
  ☆32Jan 27, 2025Updated last year
• lem0nSec / CreateRemoteThreadPlus

  View on GitHub
  CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode.
  ☆138Jul 10, 2025Updated 7 months ago
• hwbp / LazyHook

  View on GitHub
  Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.
  ☆129Dec 8, 2025Updated 2 months ago
• loneicewolf / smbdoor

  View on GitHub
  improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys
  ☆49Mar 10, 2023Updated 2 years ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• zimnyaa / inmembof.py

  View on GitHub
  A small example of loading BOFs in Python with pure reflection
  ☆19Jan 26, 2023Updated 3 years ago
• ahron-chet / GuardBypassToolkit

  View on GitHub
  A tool that bypasses Windows Defender by manually loading DLLs, parsing EAT directly, and updating IAT with unhooked functions to run M…
  ☆21Jul 14, 2024Updated last year
• kleiton0x00 / contexter

  View on GitHub
  Contexter - A secondary context path traversal / server-side parameter pollution testing tool written in Python 3
  ☆26Aug 18, 2024Updated last year
• fin3ss3g0d / NativeThreadpool

  View on GitHub
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆88Feb 11, 2024Updated 2 years ago
• itaymigdal / GhostNap

  View on GitHub
  Sleep obfuscation for shellcode implants and their reflective shit
  ☆53Sep 19, 2023Updated 2 years ago
• zorftw / kdmapper-rs

  View on GitHub
  Rust port of kdmapper
  ☆22Aug 24, 2021Updated 4 years ago
• Helixo32 / DetectHooks

  View on GitHub
  Detect userland hooks placed by AV/EDR
  ☆28Sep 4, 2023Updated 2 years ago
• nocerainfosec / TakeMyRDP2.0

  View on GitHub
  An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard in…
  ☆105Jul 27, 2023Updated 2 years ago
• a7t0fwa7 / SymProcSleuth

  View on GitHub
  A pure C version of SymProcAddress
  ☆30Mar 17, 2024Updated last year
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆285Jun 18, 2025Updated 8 months ago
• GinArea / gobybit

  View on GitHub
  Bybit API client library for Go (ByBit API connector)
  ☆10Dec 19, 2025Updated 2 months ago
• MusaTahawar / Whatsapp-SMS-Bomber

  View on GitHub
  hatsApp Message Sender is a simple Python application that allows users to send WhatsApp messages programmatically using the pywhatkit li…
  ☆14Nov 17, 2023Updated 2 years ago
• AnyBody / AMMR4-Beta

  View on GitHub
  Future version of the AnyBody Managed Model Repository with a full thoracic spine model.
  ☆18Feb 2, 2026Updated 3 weeks ago
• FedericoCeratto / nim-socks5

  View on GitHub
  Nim Socks5 library
  ☆29Dec 29, 2021Updated 4 years ago