Alternatives and similar repositories for NewShell:

Users that are interested in NewShell are comparing it to the libraries listed below

• 0r13lc0ch4v1 / HideFromAMSI
  Bypass AMSI and Executing PowerShell scripts from C# - using CyberArk's method to bypass AMSI
  ☆30Updated 5 years ago
• decay88 / Tengri_Shellcode_Loader
  Encrypted Shellcode Loader Generator
  ☆22Updated 6 years ago
• AzAgarampur / byeintegrity4-uac
  Bypass UAC by abusing the Windows Defender Firewall Control Panel, environment variables, and shell protocol handlers
  ☆18Updated 3 years ago
• mobdk / ExecuteShellcodeWithSyscalls
  Execute shellcode with syscalls from C# .dll
  ☆12Updated 4 years ago
• thefLink / Memfiddler
  Executes shellcode from a remote server and aims to evade in-memory scanners
  ☆31Updated 5 years ago
• rastating / slae
  The source code of the SLAE assignments documented at https://rastating.github.io/
  ☆23Updated 6 years ago
• d35ha / ShellInjector
  Execute an arbitrary command within the context of another process
  ☆20Updated 5 years ago
• basharbachir / HostingCLR-Bypass-AMSI-Windows-Defender
  ☆11Updated 6 years ago
• ohjeongwook / RunShellcode
  Windows Shellcode Testing Utility to Run Shellcode From A File
  ☆12Updated 5 years ago
• rasta-mouse / AsyncSockets
  Example of async client/server sockets in .NET 5
  ☆17Updated 3 years ago
• aaaddress1 / masqueradeCmdline
  A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.
  ☆39Updated 4 years ago
• riskydissonance / Ridgway
  A quick tool for hiding a new process running shellcode.
  ☆57Updated 4 years ago
• williamknows / CodeCoverageModuleStomping
  ☆12Updated 5 years ago
• melardev / XeytanWin32-RAT
  WORK IN PROGRESS. RAT written in C++ using Win32 API
  ☆18Updated 5 years ago
• daem0nc0re / HEVD-CSharpKernelPwn
  CSharp Writeups for HackSys Extreme Vulnerable Driver
  ☆43Updated 3 years ago
• bufferbandit / silent_cleanup_uac_bypass
  Silent Cleanup UAC Bypass POC
  ☆11Updated 5 years ago
• fashionproof / CheckSafeBoot
  I used this to see if an EDR is running in Safe Mode
  ☆36Updated 4 years ago
• neofito / CVE-2020-1337
  CVE-2020-1048 bypass: binary planting PoC
  ☆32Updated 4 years ago
• SolomonSklash / netntlm
  A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP
  ☆34Updated 3 years ago
• bao7uo / HexyRunner
  Takes raw hex shellcode (e.g. msfvenom hex format) from a cmd line arg, text file, or URL download and runs it.
  ☆19Updated 6 years ago
• hoangprod / COMHijacker
  Persistent through COM Hijacking
  ☆20Updated 6 years ago
• bharadwajyas / ppdump-public
  Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…
  ☆22Updated 5 years ago
• D4rthMaulCop / DarthNetLoader
  ☆15Updated last year
• Kudaes / Scripts
  Repository for dirty scripts and PoCs
  ☆17Updated 2 months ago
• crawl3r / FunWithAMSI
  A repo to hold any bypasses I work on/study/whatever
  ☆19Updated 4 years ago
• aaaddress1 / knownDlls_Poison
  ☆26Updated 3 years ago
• vysecurity / WindfarmDynamite-CNA
  CobaltStrike Aggressor Script to utilise FuzzySec's Windows Notification Framework Research to Spawn a Shell under Explorer.exe
  ☆16Updated 5 years ago
• AleDiBen / RevShell
  C-based Reverse Shell that uses CMD or PowerShell
  ☆15Updated 4 years ago
• paranoidninja / DotNetTracer
  C code to enable ETW tracing for Dotnet Assemblies
  ☆31Updated 2 years ago
• benpturner / Invoke-DCOM
  C# DCOM Execution
  ☆18Updated 5 years ago