Alternatives and similar repositories for Matryoshka

Users that are interested in Matryoshka are comparing it to the libraries listed below

• karttoon / trigen

  View on GitHub
  Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.
  ☆205Jul 2, 2017Updated 8 years ago
• codewhitesec / daphne

  View on GitHub
  Proof-of-Concept to evade auditd by tampering via ptrace
  ☆18Aug 3, 2023Updated 2 years ago
• D4rthMaulCop / DarthNetLoader

  View on GitHub
  ☆15Aug 17, 2023Updated 2 years ago
• rvrsh3ll / Azure-App-Tools

  View on GitHub
  Collection of tools to use with Azure Applications
  ☆112Oct 13, 2023Updated 2 years ago
• latortuga71 / GoPELoader

  View on GitHub
  ☆14Aug 22, 2022Updated 3 years ago
• rvrsh3ll / DInjector

  View on GitHub
  Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
  ☆23Aug 27, 2022Updated 3 years ago
• maninwire / nimLoader

  View on GitHub
  load dumped csharp binaries as assemblies and launch them in memory
  ☆28Feb 9, 2024Updated 2 years ago
• nettitude / Tartarus-TpAllocInject

  View on GitHub
  ☆209Nov 28, 2023Updated 2 years ago
• SECFORCE / SharpASM

  View on GitHub
  SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…
  ☆59May 23, 2022Updated 3 years ago
• STMCyber / Awesome-Excel4.0

  View on GitHub
  List of Awesome Excel4.0/XLM tricks and functions useful for Red Team and Blue Team. This list is for anyone wishing to learn about Excel…
  ☆37Apr 27, 2021Updated 4 years ago
• t3hbb / citrixphishlet

  View on GitHub
  Citrix Phishlet
  ☆24Feb 2, 2021Updated 5 years ago
• codewhitesec / Lastenzug

  View on GitHub
  Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
  ☆235Oct 18, 2022Updated 3 years ago
• mitchmoser / LACheck

  View on GitHub
  ☆93Aug 23, 2021Updated 4 years ago
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆149Feb 11, 2023Updated 3 years ago
• outflanknl / FindObjects-BOF

  View on GitHub
  A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…
  ☆275May 3, 2023Updated 2 years ago
• connormcgarr / LittleCorporal

  View on GitHub
  LittleCorporal: A C# Automated Maldoc Generator
  ☆229Jul 30, 2021Updated 4 years ago
• synacktiv / keebcap

  View on GitHub
  Win32 keylogger that supports all (non-ime using) languages correctly
  ☆53Dec 21, 2023Updated 2 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆220Nov 5, 2021Updated 4 years ago
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆160Mar 1, 2024Updated last year
• praetorian-inc / PortBender

  View on GitHub
  TCP Port Redirection Utility
  ☆760Jan 31, 2023Updated 3 years ago
• apokryptein / secinject

  View on GitHub
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆102Jan 7, 2022Updated 4 years ago
• gatariee / ldrgen

  View on GitHub
  Template-based generation of shellcode loaders
  ☆80Apr 20, 2024Updated last year
• boku7 / injectEtwBypass

  View on GitHub
  CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
  ☆301Sep 28, 2021Updated 4 years ago
• tommelo / lnk2pwn

  View on GitHub
  Malicious Shortcut(.lnk) Generator
  ☆86Nov 23, 2018Updated 7 years ago
• Octoberfest7 / EventViewerUAC_BOF

  View on GitHub
  Beacon Object File implementation of Event Viewer deserialization UAC bypass
  ☆133May 6, 2022Updated 3 years ago
• MzHmO / TGSThief

  View on GitHub
  My implementation of the GIUDA project in C++
  ☆189Jul 25, 2023Updated 2 years ago
• frkngksl / UnlinkDLL

  View on GitHub
  DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
  ☆59Dec 15, 2023Updated 2 years ago
• leftp / BackupCreds

  View on GitHub
  A C# implementation of dumping credentials from Windows Credential Manager
  ☆61Sep 23, 2023Updated 2 years ago
• duhirsch / sigspoox

  View on GitHub
  Spoofing signatures in Office Open XML Documents (Word, Excel, Powerpoint)
  ☆26Nov 19, 2022Updated 3 years ago
• aaaddress1 / Skrull

  View on GitHub
  Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t…
  ☆458Oct 25, 2021Updated 4 years ago
• netbiosX / AMSI-Provider

  View on GitHub
  A fake AMSI Provider which can be used for persistence.
  ☆155May 16, 2021Updated 4 years ago
• sud0Ru / NauthNRPC

  View on GitHub
  Enumerate Domain Users Without Authentication
  ☆281Apr 22, 2025Updated 9 months ago
• invictus-0x90 / Docker-C3

  View on GitHub
  Example of running C3 (https://github.com/FSecureLABS/C3) in a Docker container
  ☆27Oct 24, 2021Updated 4 years ago
• martinsohn / Office-phish-templates

  View on GitHub
  Tricks the target into enabling content (macros) with fake messages. Once enabled, uses macros to reduce the risk of suspision from targe…
  ☆173Mar 12, 2025Updated 11 months ago
• latortuga71 / SharpChisel-NG

  View on GitHub
  ☆39Sep 25, 2023Updated 2 years ago
• HullaBrian / COMmander

  View on GitHub
  .NET tool used to enrich RPC telemetry
  ☆101Jan 24, 2026Updated 3 weeks ago
• ustayready / wnfexec

  View on GitHub
  WNF Code Execution Library Using C#
  ☆110May 18, 2020Updated 5 years ago
• BeetleChunks / Obligato

  View on GitHub
  This project is an implant framework designed for long term persistent access to Windows machines.
  ☆108Sep 22, 2023Updated 2 years ago
• SECFORCE / SharpWhispers

  View on GitHub
  C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.
  ☆111Apr 14, 2023Updated 2 years ago