mertdas/SharpTerminator

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mertdas/SharpTerminator)

mertdas / SharpTerminator

Terminate AV/EDR Processes using kernel driver

☆352

Alternatives and similar repositories for SharpTerminator

Users that are interested in SharpTerminator are comparing it to the libraries listed below

Sorting:

ZeroMemoryEx / Blackout
View on GitHub
kill anti-malware protected processes ( BYOVD )
☆968Jul 21, 2023Updated 2 years ago
ZeroMemoryEx / Terminator
View on GitHub
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
☆1,040Jun 20, 2023Updated 2 years ago
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆672Aug 15, 2025Updated 6 months ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆433Dec 21, 2023Updated 2 years ago
Octoberfest7 / DropSpawn_BOF
View on GitHub
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
☆285Jun 8, 2023Updated 2 years ago
mertdas / PrivKit
View on GitHub
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
☆568Jan 20, 2026Updated last month
XiaoliChan / wmiexec-Pro
View on GitHub
New generation of wmiexec.py
☆1,254Jan 5, 2026Updated last month
WKL-Sec / HiddenDesktop
View on GitHub
HVNC for Cobalt Strike
☆1,298Dec 7, 2023Updated 2 years ago
wh0amitz / KRBUACBypass
View on GitHub
UAC Bypass By Abusing Kerberos Tickets
☆508Aug 10, 2023Updated 2 years ago
Octoberfest7 / Inline-Execute-PE
View on GitHub
Execute unmanaged Windows executables in CobaltStrike Beacons
☆714Mar 4, 2023Updated 2 years ago
outflanknl / C2-Tool-Collection
View on GitHub
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
☆1,367Oct 27, 2023Updated 2 years ago
kyleavery / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆1,006Jun 4, 2024Updated last year
crisprss / RasmanPotato
View on GitHub
Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do
☆400Feb 6, 2023Updated 3 years ago
S3cur3Th1sSh1t / Ruy-Lopez
View on GitHub
☆319Jun 28, 2023Updated 2 years ago
WKL-Sec / Malleable-CS-Profiles
View on GitHub
A list of python tools to help create an OPSEC-safe Cobalt Strike profile.
☆510May 19, 2025Updated 9 months ago
RedSiege / GraphStrike
View on GitHub
Cobalt Strike HTTPS beaconing over Microsoft Graph API
☆622Jun 25, 2024Updated last year
mertdas / RedPersist
View on GitHub
☆223Mar 10, 2024Updated last year
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆776Jan 26, 2026Updated last month
Mr-Un1k0d3r / Elevate-System-Trusted-BOF
View on GitHub
☆162Mar 27, 2023Updated 2 years ago
zer0condition / mhydeath
View on GitHub
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
☆407Aug 22, 2023Updated 2 years ago
grimlockx / ADCSKiller
View on GitHub
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
☆738May 19, 2023Updated 2 years ago
wh0amitz / SharpADWS
View on GitHub
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
☆586Mar 19, 2024Updated last year
SaadAhla / FilelessPELoader
View on GitHub
Loading Remote AES Encrypted PE in memory , Decrypted it and run it
☆1,019Aug 29, 2023Updated 2 years ago
WKL-Sec / dcomhijack
View on GitHub
Lateral Movement Using DCOM and DLL Hijacking
☆325Jun 18, 2023Updated 2 years ago
ricardojoserf / NativeDump
View on GitHub
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
☆701May 7, 2025Updated 9 months ago
icyguider / LightsOut
View on GitHub
Generate an obfuscated DLL that will disable AMSI & ETW
☆330Jul 15, 2024Updated last year
trustedsec / CS-Remote-OPs-BOF
View on GitHub
Remote operations commands implemented using Beacon Object Files
☆1,120Updated this week
antonioCoco / SspiUacBypass
View on GitHub
Bypassing UAC with SSPI Datagram Contexts
☆461Sep 24, 2023Updated 2 years ago
OmriBaso / RToolZ
View on GitHub
A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
☆326Jan 31, 2023Updated 3 years ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆680Oct 23, 2024Updated last year
Octoberfest7 / MemFiles
View on GitHub
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
☆473Jul 6, 2024Updated last year
Helixo32 / NimBlackout
View on GitHub
Kill AV/EDR leveraging BYOVD attack
☆390Jul 11, 2023Updated 2 years ago
SaadAhla / NTDLLReflection
View on GitHub
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…
☆305Aug 2, 2023Updated 2 years ago
iilegacyyii / ThreadlessInject-BOF
View on GitHub
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
☆394Jan 9, 2024Updated 2 years ago
lem0nSec / ShellGhost
View on GitHub
A memory-based evasion technique which makes shellcode invisible from process start to end.
☆1,198Oct 16, 2023Updated 2 years ago
icyguider / LatLoader
View on GitHub
PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
☆307Dec 9, 2023Updated 2 years ago
YOLOP0wn / POSTDump
View on GitHub
☆341Nov 10, 2025Updated 3 months ago
BeichenDream / SharpToken
View on GitHub
Windows Token Stealing Expert
☆485Nov 24, 2023Updated 2 years ago
CognisysGroup / HadesLdr
View on GitHub
Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
☆293Jul 15, 2023Updated 2 years ago