Alternatives and similar repositories for PS-MOTW

Users that are interested in PS-MOTW are comparing it to the libraries listed below

• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆38Updated 10 months ago
• cod3nym / Ghosting-AMSI
  Ghosting-AMSI
  ☆17Updated 2 weeks ago
• MaorSabag / Paruns-Fart
  Just another ntdll unhooking using Parun's Fart technique
  ☆75Updated 2 years ago
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆61Updated last year
• decoder-it / Troopers24
  ☆41Updated 10 months ago
• huntandhackett / PassiveAggression
  Source code and examples for PassiveAggression
  ☆60Updated 11 months ago
• joe-desimone / rep-research
  ☆75Updated 9 months ago
• Cipher7 / havoc-PoolParty
  Windows Thread Pool Injection Havoc Implementation
  ☆29Updated last year
• OffenseTeacher / Steganim
  ☆48Updated last year
• t94j0 / sddl_py
  Parse SDDL strings
  ☆35Updated last year
• ZephrFish / HelloJackHunter
  Research into WinSxS binaries and finding hijackable paths
  ☆28Updated 3 weeks ago
• a7t0fwa7 / SymProcSleuth
  A pure C version of SymProcAddress
  ☆27Updated last year
• xelemental / Mal-LNK-Generator
  ☆34Updated last month
• Tylous / Ivy
  Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …
  ☆21Updated 2 years ago
• ADPunisher / OwnershipStealer
  ☆27Updated 2 years ago
• kapellos / LNKSmuggler
  A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.
  ☆14Updated 4 months ago
• HulkOperator / AuthStager
  ☆55Updated 6 months ago
• EvilBytecode / EvilByte-Remote-AMSI-Bypass
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆37Updated this week
• mttaggart / quasar
  quASAR: ASAR manipulation made easy
  ☆37Updated 2 years ago
• D4rthMaulCop / DumpKernel-S1
  A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
  ☆20Updated last month
• cbrnrd / maliketh
  🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
  ☆44Updated last year
• Fitretech-Security / dylight
  macOS dylib stager
  ☆32Updated 3 months ago
• Faran-17 / Hellshazzard
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆74Updated 9 months ago
• bluefrostsecurity / Windows-Drive-Remapping-EoP
  ☆30Updated last year
• Wh04m1001 / GamingServiceEoP5
  ☆28Updated last year
• G0ldenGunSec / DayBird
  Extension functionality for the NightHawk operator client
  ☆27Updated last year
• Retr0-code / hash-dumper
  Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…
  ☆62Updated last year
• jsecurity101 / LDAPMon
  ☆45Updated last year
• CaptainNox / Hypnos
  A more reliable way of resolving syscall numbers in Windows
  ☆49Updated last year
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆16Updated 10 months ago