n0tspam/RunspaceLoader

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/n0tspam/RunspaceLoader)

n0tspam / RunspaceLoader

Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe

☆13

Alternatives and similar repositories for RunspaceLoader

Users that are interested in RunspaceLoader are comparing it to the libraries listed below

Sorting:

dosxuz / TradecraftImrprovement
View on GitHub
This repository will contain source codes from the Tradecraft improvement blog series
☆14Mar 27, 2025Updated 11 months ago
CD-R0M / YARA
View on GitHub
Hundred Days of Yara Challenge
☆12Jun 21, 2022Updated 3 years ago
cocomelonc / 2022-07-21-malware-tricks-22
View on GitHub
Run payload like a Lazarus Group (UuidFromStringA). C++ implementation
☆20Jul 24, 2022Updated 3 years ago
dievus / GatekeeperLite
View on GitHub
Lite version of my Gatekeeper backdoor for public use.
☆52Nov 15, 2021Updated 4 years ago
OtterHacker / AWSRedirector
View on GitHub
☆58Feb 16, 2025Updated last year
V-i-x-x / win11-kernel-execution-syscall-hijack
View on GitHub
Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution)
☆57Jun 15, 2025Updated 8 months ago
mr-r3b00t / NotProxyShellHunter
View on GitHub
Check for NotProxyShell CVE-2022-40140 & CVE-2022-41082
☆26Oct 2, 2022Updated 3 years ago
smokeme / PDFator
View on GitHub
☆27Jun 3, 2023Updated 2 years ago
Mirdain / Gearswap
View on GitHub
FFXI Gearswap Lua for the impaired
☆10Feb 2, 2026Updated 3 weeks ago
patrickt2017 / VEHNetLoader
View on GitHub
Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
☆50Jul 6, 2025Updated 7 months ago
maxDcb / C2Implant
View on GitHub
Windows C++ Implant for Exploration C2
☆44Jan 26, 2026Updated last month
ACE-Responder / Empire-C2-RCE-PoC
View on GitHub
RCE PoC for Empire C2 framework <5.9.3
☆28Feb 24, 2024Updated 2 years ago
Jhangju / goLang-injectors
View on GitHub
This project will guide yout to awareness of injection in almost every window API and process.
☆24Mar 30, 2022Updated 3 years ago
dosxuz / PerunsFart
View on GitHub
This is my own implementation of the Perun's Fart technique by Sektor7
☆72May 14, 2022Updated 3 years ago
cmdaltr / elrond
View on GitHub
Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
☆32Nov 23, 2025Updated 3 months ago
Cipher7 / havoc-PoolParty
View on GitHub
Windows Thread Pool Injection Havoc Implementation
☆33Mar 23, 2024Updated last year
jsecu / ElevatedEvents
View on GitHub
☆30Nov 7, 2022Updated 3 years ago
Print3M / c-to-shellcode
View on GitHub
From C to binary shellcode converter.
☆55Nov 11, 2025Updated 3 months ago
inb1ts / birdnet-poc
View on GitHub
Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
☆41Jul 9, 2023Updated 2 years ago
Unit-259 / PsInPic
View on GitHub
A powershell module for hiding payloads in the pixels of images
☆79Jul 6, 2024Updated last year
kleiton0x00 / RemoteShellcodeExec
View on GitHub
Execute shellcode from a remote-hosted bin file using Winhttp.
☆240Jun 22, 2023Updated 2 years ago
0xjessie21 / CVE-2025-24016
View on GitHub
CVE-2025-24016: Wazuh Unsafe Deserialization Remote Code Execution (RCE)
☆42Feb 19, 2025Updated last year
shawtyknowmyname / signature_thief
View on GitHub
Windows Signature Thief is a program designed to steal the digital signature of one file and install it on another.
☆21Dec 9, 2025Updated 2 months ago
hlldz / misc
View on GitHub
miscellaneous codes
☆36Sep 24, 2023Updated 2 years ago
Logisek / EvilMist
View on GitHub
EvilMist is a collection of scripts and utilities designed to support cloud penetration testing & red teaming. The toolkit helps identify…
☆123Updated this week
avishayil / cdk-goat
View on GitHub
Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure
☆49Dec 29, 2023Updated 2 years ago
ELMERIKH / PyinMemoryPE
View on GitHub
execute PE in memory Filelessly
☆51Feb 8, 2025Updated last year
Kryp7os / SharpRBCD
View on GitHub
An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD
☆49Mar 10, 2025Updated 11 months ago
surajpkhetani / AutoSmuggle
View on GitHub
Utility to craft HTML or SVG smuggled files for Red Team engagements
☆245Mar 19, 2024Updated last year
Helixo32 / SimpleEDR
View on GitHub
Simple EDR that injects a DLL into a process to place a hook on specific Windows API
☆97Aug 27, 2023Updated 2 years ago
DrorDvash / CVE-2022-22954_VMware_PoC
View on GitHub
PoC for CVE-2022-22954 - VMware Workspace ONE Access Freemarker Server-Side Template Injection
☆10Apr 12, 2022Updated 3 years ago
SecNN / Struts2_S2-062_CVE-2021-31805
View on GitHub
Apache Struts2 S2-062远程代码执行漏洞(CVE-2021-31805) | 反弹Shell
☆11Apr 18, 2022Updated 3 years ago
zphw / dns-cache-poisoning-demo
View on GitHub
An isolated environment for DNS cache poisoning attack investigation and demonstration.
☆10Nov 22, 2020Updated 5 years ago
Shrfnt77 / AmsiBypass
View on GitHub
Bypassing Amsi using LdrLoadDll
☆47Jan 8, 2025Updated last year
chr0n1k / Auror-Project
View on GitHub
Challenge 1 of The Auror Project - Setup AD Lab automatically
☆12Apr 26, 2022Updated 3 years ago
cocomelonc / 2022-04-13-malware-injection-19
View on GitHub
Classic DLL injection. Download dll from url and inject. Simple C++ implementation
☆10Apr 16, 2022Updated 3 years ago
JakubStanior / PsExclusionFinder
View on GitHub
PowerShell tool to enumerate existing exclusions in Windows Defender as low privileged user
☆11Oct 14, 2024Updated last year
RenderZ0n3 / Malware-Development
View on GitHub
☆10Jul 1, 2023Updated 2 years ago
0xSojalSec / AI-driven-penetration-testing-tool
View on GitHub
An advanced AI-driven vulnerability scanner and penetration testing tool that integrates multiple AI providers (OpenAI, Grok, OLLAMA, Cla…
☆34Nov 7, 2025Updated 3 months ago