Alternatives and similar repositories for RT-EWS

Users that are interested in RT-EWS are comparing it to the libraries listed below

• med0x2e / NoAmci

  View on GitHub
  Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
  ☆218Mar 5, 2020Updated 5 years ago
• Truvis / SyscallExtractorAnalyzer

  View on GitHub
  This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes
  ☆21Mar 11, 2021Updated 4 years ago
• puzzlepeaches / peas

  View on GitHub
  Modified version of PEAS client for offensive operations
  ☆16Mar 8, 2021Updated 4 years ago
• rasta-mouse / RuralBishop

  View on GitHub
  D/Invoke port of UrbanBishop
  ☆108Jul 19, 2020Updated 5 years ago
• byt3bl33d3r / Utinni

  View on GitHub
  An async Python client library for Empire's RESTful API
  ☆26Dec 6, 2023Updated 2 years ago
• CCob / gookies

  View on GitHub
  A Chrome cookie dumping utility
  ☆46Feb 21, 2020Updated 5 years ago
• brimdata / zui-insiders

  View on GitHub
  Releases for the Zui Insiders app.
  ☆22Feb 17, 2025Updated 11 months ago
• silentsignal / wpc-ps

  View on GitHub
  Windows Privesc Check - PowerShell
  ☆67Apr 22, 2022Updated 3 years ago
• PerimeterX / CVE-2020-6519

  View on GitHub
  ☆26Aug 12, 2020Updated 5 years ago
• med0x2e / GadgetToJScript

  View on GitHub
  A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from …
  ☆1,074Jul 26, 2021Updated 4 years ago
• optiv / Registry-Recon

  View on GitHub
  Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon
  ☆345Jun 6, 2022Updated 3 years ago
• ReversecLabs / peas

  View on GitHub
  PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange.
  ☆184Jan 16, 2023Updated 3 years ago
• ngecom / ngbillingDocker

  View on GitHub
  Open-Source Billing And Rating Platform For Subscription
  ☆10Feb 5, 2024Updated 2 years ago
• mattifestation / BHUSA2018_Sysmon

  View on GitHub
  All materials from our Black Hat 2018 "Subverting Sysmon" talk
  ☆135Aug 10, 2018Updated 7 years ago
• advanced-threat-research / DarkSide-Config-Extract

  View on GitHub
  ☆35Oct 29, 2021Updated 4 years ago
• klezVirus / CandyPotato

  View on GitHub
  Pure C++, weaponized, fully automated implementation of RottenPotatoNG
  ☆313Sep 16, 2021Updated 4 years ago
• RiccardoAncarani / LiquidSnake

  View on GitHub
  LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
  ☆347Sep 1, 2021Updated 4 years ago
• med0x2e / NET-Assembly-Inject-Remote

  View on GitHub
  .NET assembly local/remote loading/injection into memory.
  ☆135Aug 2, 2019Updated 6 years ago
• Intevation / intelmq-fody

  View on GitHub
  Web interface to IntelMQ
  ☆10Sep 10, 2025Updated 5 months ago
• sailay1996 / SECOMN_EoP

  View on GitHub
  Sound Research SECOMN service Privilege Escalation (windows 10)
  ☆39Mar 17, 2020Updated 5 years ago
• pfcoperez / thebutlerdidit

  View on GitHub
  A thread dump analyzer tool running on your browser or in your JVM that generates DOT documents out of `jstack` outputs.
  ☆10Jul 10, 2024Updated last year
• opencord / bbsim

  View on GitHub
  BroadBand Simulator (v2)
  ☆10Sep 30, 2025Updated 4 months ago
• guervild / BOFs

  View on GitHub
  Cobalt Strike Beacon Object Files
  ☆167May 2, 2022Updated 3 years ago
• optiv / rustyIron

  View on GitHub
  rustyIron is a tool that takes advantage of functionality within Ivanti's MobileIron MDM solution to perform single-factor authentication…
  ☆44Mar 22, 2021Updated 4 years ago
• 0xchase / modality

  View on GitHub
  Symbolic execution in radare2 with angr
  ☆39Jul 27, 2021Updated 4 years ago
• He-No / ntlmrelayx2proxychains

  View on GitHub
  ☆95Oct 19, 2022Updated 3 years ago
• med0x2e / genxlm

  View on GitHub
  A simple script to generate JScript code for calling Win32 API functions using XLM/Excel 4.0 macros via Excel.Application "ExecuteExcel4M…
  ☆91Nov 9, 2019Updated 6 years ago
• riskydissonance / SafetyDump

  View on GitHub
  Dump stuff without touching disk
  ☆164Oct 29, 2020Updated 5 years ago
• Kevin-Robertson / InveighZero

  View on GitHub
  .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
  ☆811Aug 28, 2022Updated 3 years ago
• n00py / Slackor

  View on GitHub
  A Golang implant that uses Slack as a command and control server
  ☆47Jun 10, 2020Updated 5 years ago
• bketelsen / clippy

  View on GitHub
  Clippy is your friend. A very helpful friend.
  ☆15Feb 5, 2026Updated last week
• JensBorrisholt / TWinEventHook

  View on GitHub
  TWinEventHook allows you to hook into certain Windows events.
  ☆11Sep 20, 2019Updated 6 years ago
• ihutch / COPTIC

  View on GitHub
  3-D PIC plasma simulation code (Cartesian-coordinate Oblique-boundary Particles and Thermals In Cell) with a wide variety of embedded obj…
  ☆12Oct 22, 2024Updated last year
• fpiette / Delphi-ImpersonateUser

  View on GitHub
  Code to make a Delphi program act as another user. Demo provide to access a file owned by another user.
  ☆11Feb 8, 2022Updated 4 years ago
• jpverkamp / dnsscan

  View on GitHub
  Scan IPv4 prefixes for DNS revolvers and classify them as open/closed
  ☆10Jun 19, 2014Updated 11 years ago
• bufferbandit / silent_cleanup_uac_bypass

  View on GitHub
  Silent Cleanup UAC Bypass POC
  ☆11Dec 15, 2019Updated 6 years ago
• isaudits / phishing-tools

  View on GitHub
  Tools for use with phishing frenzy
  ☆11Jan 17, 2019Updated 7 years ago
• tmenochet / PowerSpray

  View on GitHub
  Offensive tool for guessing Active Directory credentials via Kerberos
  ☆10Jan 1, 2024Updated 2 years ago
• MAECProject / cuckoo

  View on GitHub
  Cuckoo Sandbox is an automated dynamic malware analysis system
  ☆10Sep 11, 2020Updated 5 years ago