Alternatives and similar repositories for runasti:

Users that are interested in runasti are comparing it to the libraries listed below

• VergiliusProject / kernels-data
  Windows kernel PDB data parsed into YAML
  ☆36Updated 4 months ago
• Coldzer0 / TinyPDBParser
  Windows PDB Parser using Imagehlp library.
  ☆16Updated 2 years ago
• Dump-GUY / sc2pe
  Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
  ☆65Updated last year
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆47Updated 10 months ago
• LloydLabs / process-enumeration-stealth
  ☆82Updated 7 months ago
• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆66Updated 3 years ago
• jonaslyk / temp
  ☆71Updated 2 years ago
• 7eRoM / elam
  A Practical example of ELAM (Early Launch Anti-Malware)
  ☆32Updated 3 years ago
• LethalSnake1337 / PE-Loader-exercise
  A simple PE loader.
  ☆25Updated 2 years ago
• daem0nc0re / SharpWnfSuite
  C# Utilities for Windows Notification Facility
  ☆132Updated 4 months ago
• SECFORCE / SharpASM
  SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…
  ☆57Updated 2 years ago
• 0xMegaByte / COM-Explained
  ☆25Updated 2 years ago
• zodiacon / MalDevWorkshopWebinar
  Demo from the Malware Analysis and Development Webinar
  ☆20Updated 11 months ago
• keowu / InstrumentationCallbackToolKit
  A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…
  ☆26Updated last year
• Dump-GUY / Get-PDInvokeImports
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆54Updated 2 years ago
• Hagrid29 / herpaderply_hollowing
  Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
  ☆54Updated 2 years ago
• loneicewolf / smbdoor
  improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys
  ☆50Updated 2 years ago
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆90Updated 9 months ago
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆16Updated 9 months ago
• Idov31 / UdpInspector
  Listing UDP connections with remote address without sniffing.
  ☆30Updated last year
• m417z / LdrDllNotificationHook
  Hook all callbacks which are registered with LdrRegisterDllNotification
  ☆85Updated 2 years ago
• mobdk / CloneProcess
  Clone running process with ZwCreateProcess
  ☆57Updated 4 years ago
• zodiacon / VerifierDLL
  Example of building an application verifer DLL
  ☆45Updated 10 months ago
• secana / CertDump
  Dump certificates from PE files in different formats
  ☆38Updated last year
• knight0x07 / BumbleCrypt
  A Bumblebee-inspired Crypter
  ☆80Updated 2 years ago
• AzAgarampur / PsForge
  Process Hollowing demonstration & explanation
  ☆35Updated 4 years ago
• rad9800 / VehApiResolve
  ☆107Updated 2 years ago
• Flawww / NtSyscaller
  Manually perform syscalls without going through any external API or DLL.
  ☆18Updated last year
• RobinFassinaMoschiniForks / TransitionalPeriod
  Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits
  ☆28Updated 2 years ago
• plackyhacker / Unhook-BitDefender
  Unhooks Bit Defender from NTDLL and KERNELBASE using a classic technique.
  ☆54Updated last year