Alternatives and similar repositories for Being-A-Good-CLR-Host

Users that are interested in Being-A-Good-CLR-Host are comparing it to the libraries listed below

• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆254Oct 16, 2024Updated last year
• susMdT / ForsHops

  View on GitHub
  ForsHops
  ☆59Mar 25, 2025Updated 10 months ago
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆59Mar 17, 2025Updated 11 months ago
• mbhatt1 / PhantomPipe

  View on GitHub
  A proof‑of‑concept C2 framework that uses Server‑Sent Events (SSE) and the MCP protocol for agent registration, command dispatch, and res…
  ☆32Apr 28, 2025Updated 9 months ago
• jsecu / ModTask

  View on GitHub
  ☆53Sep 23, 2025Updated 4 months ago
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆332Mar 6, 2025Updated 11 months ago
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆678Oct 23, 2024Updated last year
• chryzsh / linux_bof

  View on GitHub
  ELF Beacon Object File (BOF) Template
  ☆19Nov 18, 2024Updated last year
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆267Dec 13, 2024Updated last year
• CICADA8-Research / Spyndicapped

  View on GitHub
  COM ViewLogger — new malware keylogging technique
  ☆403Jan 6, 2025Updated last year
• FalconForceTeam / bof-winrm-plugin-jump

  View on GitHub
  ☆33Jan 23, 2025Updated last year
• NoahKirchner / speedloader

  View on GitHub
  Rust template/library for implementing your own COFF loader
  ☆71Jan 27, 2025Updated last year
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆404Sep 6, 2024Updated last year
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆104Feb 25, 2025Updated 11 months ago
• CymulateResearch / Blindside

  View on GitHub
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆135Dec 20, 2022Updated 3 years ago
• rad9800 / BootExecuteEDR

  View on GitHub
  ☆409Dec 8, 2024Updated last year
• paskalian / WID_LoadLibrary

  View on GitHub
  Reverse engineering winapi function loadlibrary.
  ☆233Apr 17, 2023Updated 2 years ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• thiagomayllart / DarkMelkor

  View on GitHub
  Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.
  ☆28Sep 8, 2021Updated 4 years ago
• arsium / PELoader

  View on GitHub
  ☆20Jul 23, 2023Updated 2 years ago
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆194Nov 27, 2024Updated last year
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆67Jan 11, 2026Updated last month
• CICADA8-Research / COMThanasia

  View on GitHub
  A set of programs for analyzing common vulnerabilities in COM
  ☆246Sep 8, 2024Updated last year
• ColeHouston / Sunder

  View on GitHub
  Windows rootkit designed to work with BYOVD exploits
  ☆214Jan 18, 2025Updated last year
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆266Apr 8, 2025Updated 10 months ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• ibaiC / FriendlyFireBOF

  View on GitHub
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆57Apr 14, 2025Updated 10 months ago
• kapellos / LNKSmuggler

  View on GitHub
  A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.
  ☆92Jan 8, 2025Updated last year
• EricEsquivel / Inline-EA

  View on GitHub
  Cobalt Strike BOF for evasive .NET assembly execution
  ☆307Mar 31, 2025Updated 10 months ago
• CICADA8-Research / TypeLibWalker

  View on GitHub
  TypeLib persistence technique
  ☆139Oct 22, 2024Updated last year
• fern89 / C2

  View on GitHub
  A basic C2 framework written in C
  ☆59Jul 7, 2024Updated last year
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated last year
• xrombar / flower

  View on GitHub
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆107Mar 25, 2024Updated last year
• itm4n / PPLrevenant

  View on GitHub
  Bypass LSA protection using the BYODLL technique
  ☆171Sep 21, 2024Updated last year
• rtecCyberSec / RAITrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying
  ☆168Jul 22, 2025Updated 6 months ago
• sud0Ru / NauthNRPC

  View on GitHub
  Enumerate Domain Users Without Authentication
  ☆281Apr 22, 2025Updated 9 months ago
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆214Oct 19, 2024Updated last year