Alternatives and similar repositories for exportstoc:

Users that are interested in exportstoc are comparing it to the libraries listed below

• mdsecactivebreach / ParallelSyscalls
  ☆160Updated 3 years ago
• elastic / PPLGuard
  ☆69Updated last year
• mdsecactivebreach / com_inject
  ☆190Updated 2 years ago
• N4kedTurtle / HellsGatePoC
  ☆50Updated 4 years ago
• asaurusrex / Probatorum-EDR-Userland-Hook-Checker
  Project to check which Nt/Zw functions your local EDR is hooking
  ☆180Updated 3 years ago
• mdsecactivebreach / firewalker
  ☆147Updated 4 years ago
• marpie / signed-loaders
  signed-loaders documents Windows executables that can be used for side-loading DLLs.
  ☆67Updated 6 years ago
• leoloobeek / COMRunner
  A simple COM server which provides a component to run shellcode
  ☆132Updated 4 years ago
• outflanknl / TamperETW
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆184Updated 4 years ago
• rxwx / cs-rdll-ipc-example
  Example code for using named pipe output with beacon ReflectiveDLLs
  ☆111Updated 4 years ago
• Signal-Labs / NtdllUnpatcher
  Example code for EDR bypassing
  ☆149Updated 5 years ago
• aaaddress1 / sakeInject
  Windows PE - TLS (Thread Local Storage) Injector in C/C++
  ☆104Updated 4 years ago
• xpn / getsystem-offline
  Small tool to get a SYSTEM shell
  ☆130Updated 8 years ago
• boku7 / HellsGatePPID
  Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
  ☆98Updated last year
• mez-0 / InMemoryNET
  Exploring in-memory execution of .NET
  ☆135Updated 2 years ago
• Yaxser / COFFLoader2
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆206Updated 2 years ago
• uvbs / NT-APC-Injector
  APC DLL Injector with NtQueueApcThread and wake up thread support
  ☆45Updated 7 years ago
• asaurusrex / DoppelGate
  DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…
  ☆119Updated 2 years ago
• hoangprod / DanSpecial
  Weaponizing Gigabyte driver for priv escalation and bypass PPL
  ☆68Updated 5 years ago
• lawiet47 / STFUEDR
  Silence EDRs by removing kernel callbacks
  ☆226Updated 4 years ago
• EgeBalci / Hook_API
  Assembly block for hooking windows API functions.
  ☆81Updated 5 years ago
• MahmoudZohdy / APICallProxy
  Windows API Call Obfuscation
  ☆98Updated 2 years ago
• bats3c / DefensiveInjector
  Shellcode injector using direct syscalls
  ☆119Updated 4 years ago
• csandker / inMemoryShellcode
  A Collection of In-Memory Shellcode Execution Techniques for Windows
  ☆147Updated 5 years ago
• jackullrich / TRunPE
  A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…
  ☆93Updated 5 years ago
• crummie5 / Freshycalls_PoC
  A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯
  ☆39Updated 4 years ago
• UserExistsError / DllLoaderShellcode
  Shellcode to load an appended Dll
  ☆89Updated 4 years ago
• d35ha / PE2Shellcode
  Convert PE files to a shellcode
  ☆73Updated 4 years ago