r0keb/TrashFormer external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

r0keb/TrashFormer

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/r0keb/TrashFormer)

Close

r0keb / TrashFormerView on GitHubMore

• External links
• Readme badge

A 64 bit executable junk code engine for polymorphic malware.

☆76Jun 16, 2025Updated 8 months ago

Alternatives and similar repositories for TrashFormer

Users that are interested in TrashFormer are comparing it to the libraries listed below

• EvilBytecode / Evilbytecode-Gate

  View on GitHub
  Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…
  ☆26Apr 21, 2025Updated 10 months ago
• FatRodzianko / Get-Writable

  View on GitHub
  Find world writable directories that contain a .exe or .dll file
  ☆13Aug 31, 2021Updated 4 years ago
• r0keb / MunIntel

  View on GitHub
  kASLR bypass technique on Intel CPUs.
  ☆32May 18, 2025Updated 9 months ago
• patrickt2017 / VEHNetLoader

  View on GitHub
  Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
  ☆50Jul 6, 2025Updated 7 months ago
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• passthehashbrowns / Being-A-Good-CLR-Host

  View on GitHub
  ☆86Jan 21, 2025Updated last year
• almounah / hardwareturningpoint

  View on GitHub
  HardwareTurningPoint, Fully Go Compatible Hardware Breakpoint
  ☆16Jan 30, 2025Updated last year
• C5Hackr / ARM64_AmsiPatch

  View on GitHub
  ☆21Jan 8, 2026Updated last month
• s4dbrd / ETWReader

  View on GitHub
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆18Jun 29, 2024Updated last year
• lleon1435 / birdnet-poc

  View on GitHub
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆14Jul 9, 2023Updated 2 years ago
• EvilBytecode / Malwarebytes-Shutdowner

  View on GitHub
  Kill malawarebytes process. Can be ported to any programming language.
  ☆12Apr 21, 2025Updated 10 months ago
• jc-ryan / holistic_automated_red_teaming

  View on GitHub
  [EMNLP 2024] Holistic Automated Red Teaming for Large Language Models through Top-Down Test Case Generation and Multi-turn Interaction
  ☆17Nov 9, 2024Updated last year
• electroglyph / anti_defender

  View on GitHub
  A slightly more fun way to disable windows defender
  ☆52May 4, 2025Updated 10 months ago
• fin3ss3g0d / StoneKeeper

  View on GitHub
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆209Dec 25, 2024Updated last year
• amberchalia / fraction_loader

  View on GitHub
  ☆48Oct 14, 2025Updated 4 months ago
• HulkOperator / Spoof-RetAddr

  View on GitHub
  ☆37Nov 8, 2024Updated last year
• susMdT / ForsHops

  View on GitHub
  ForsHops
  ☆59Mar 25, 2025Updated 11 months ago
• dreadnode / lolmil

  View on GitHub
  ☆38Oct 16, 2025Updated 4 months ago
• zero2504 / Shadow-Rebirth

  View on GitHub
  Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique
  ☆20Dec 3, 2024Updated last year
• 0xcf80 / ShellCodeLoader_Indirect_Syscalls

  View on GitHub
  Shellcode Loader using indirect syscalls
  ☆16Jan 21, 2024Updated 2 years ago
• vvswift / Bypass-Protection0x00

  View on GitHub
  EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.
  ☆57Nov 17, 2025Updated 3 months ago
• C5Hackr / Segment-Encryption

  View on GitHub
  ☆29Oct 19, 2024Updated last year
• redr0nin / Agentic-Flow-Corruption-Attacks

  View on GitHub
  A red teaming attack paradigm against AI Agents
  ☆32Mar 9, 2025Updated 11 months ago
• xRedCodex / BofArsenal

  View on GitHub
  The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23
  ☆23Jun 19, 2025Updated 8 months ago
• Friends-Security / RedirectThread

  View on GitHub
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆199Jun 17, 2025Updated 8 months ago
• githubesson / chrome_abe_poc

  View on GitHub
  golang decryption poc of the new app bound encryption introduced in chrome version 127.
  ☆22Nov 4, 2024Updated last year
• EvilBytecode / EByte-Pattern-AmsiPatch

  View on GitHub
  Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne…
  ☆27May 13, 2025Updated 9 months ago
• ProcessusT / SharpVenoma

  View on GitHub
  CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
  ☆51Apr 22, 2024Updated last year
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆17Jun 18, 2022Updated 3 years ago
• Teach2Breach / stargate

  View on GitHub
  Locate dlls and function addresses without PEB Walk and EAT parsing
  ☆104Nov 7, 2025Updated 3 months ago
• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆169May 17, 2023Updated 2 years ago
• KingKDot / PowerCrypt

  View on GitHub
  The best powershell obfuscator ever made
  ☆124Aug 1, 2025Updated 7 months ago
• V-i-x-x / kernel-callback-removal

  View on GitHub
  kernel callback removal (Bypassing EDR Detections)
  ☆211Nov 14, 2025Updated 3 months ago
• jdu2600 / Etw-SyscallMonitor

  View on GitHub
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆88May 17, 2023Updated 2 years ago
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆138Apr 6, 2025Updated 10 months ago
• amroes / FlexSheller

  View on GitHub
  ☆12Feb 4, 2025Updated last year
• GetRektBoy724 / Breaking-Detecting-Direct-Syscall-Techniques

  View on GitHub
  A repository filled with ideas to break/detect direct syscall techniques
  ☆26Apr 21, 2022Updated 3 years ago
• artemy-ccrsky / DecryptRecoveryLAPS_RPC

  View on GitHub
  A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.
  ☆29Jun 9, 2025Updated 8 months ago
• ajm4n / TermHound

  View on GitHub
  ☆26Nov 8, 2024Updated last year