Alternatives and similar repositories for hwbp4mw

Users that are interested in hwbp4mw are comparing it to the libraries listed below

• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆276Jan 23, 2025Updated last year
• rad9800 / VehApiResolve

  View on GitHub
  ☆118Aug 7, 2022Updated 3 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆504Aug 14, 2022Updated 3 years ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection

  View on GitHub
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆260Apr 29, 2023Updated 2 years ago
• rad9800 / WTSRM

  View on GitHub
  WTSRM
  ☆216Aug 7, 2022Updated 3 years ago
• rad9800 / WTSRM2

  View on GitHub
  ☆164Dec 30, 2022Updated 3 years ago
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆901Jul 20, 2024Updated last year
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆718Jul 19, 2023Updated 2 years ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆675Dec 23, 2022Updated 3 years ago
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆138Sep 12, 2022Updated 3 years ago
• Cracked5pider / CodeCave

  View on GitHub
  A bunch of scripts and code i wrote.
  ☆149Nov 7, 2024Updated last year
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆106Aug 21, 2024Updated last year
• paranoidninja / Proxy-DLL-Loads

  View on GitHub
  The code is a pingback to the Dark Vortex blog:
  ☆187Jan 26, 2023Updated 3 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆246Jul 9, 2024Updated last year
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆310Feb 13, 2023Updated 3 years ago
• SolomonSklash / netntlm

  View on GitHub
  A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP
  ☆37Jul 27, 2021Updated 4 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆265Nov 18, 2022Updated 3 years ago
• WithSecureLabs / TickTock

  View on GitHub
  ☆113Oct 10, 2022Updated 3 years ago
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆678Oct 23, 2024Updated last year
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆373May 24, 2022Updated 3 years ago
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Jan 11, 2026Updated last month
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆149Feb 11, 2023Updated 3 years ago
• WithSecureLabs / CallStackSpoofer

  View on GitHub
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆549Apr 8, 2025Updated 10 months ago
• OccamsXor / Dragnmove

  View on GitHub
  Infect Shared Files In Memory for Lateral Movement
  ☆196Dec 14, 2022Updated 3 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆100Oct 7, 2023Updated 2 years ago
• Signal-Labs / iat_unhook_sample

  View on GitHub
  (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…
  ☆136Mar 3, 2025Updated 11 months ago
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,294Mar 21, 2025Updated 10 months ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• Kudaes / Unwinder

  View on GitHub
  Call stack spoofing for Rust
  ☆356Feb 7, 2025Updated last year
• bohops / DynamicDotNet

  View on GitHub
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆146May 18, 2024Updated last year
• waldo-irc / YouMayPasser

  View on GitHub
  You shall pass
  ☆271Jul 16, 2022Updated 3 years ago
• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆254Oct 16, 2024Updated last year
• NUL0x4C / KnownDllUnhook

  View on GitHub
  Replace the .txt section of the current loaded modules from \KnownDlls\
  ☆305Sep 28, 2022Updated 3 years ago
• paranoidninja / Proxy-Function-Calls-For-ETwTI

  View on GitHub
  The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
  ☆209Jan 29, 2023Updated 3 years ago
• fortra / hw-call-stack

  View on GitHub
  Use hardware breakpoints to spoof the call stack for both syscalls and API calls
  ☆201Jun 6, 2024Updated last year
• reveng007 / ReflectiveNtdll

  View on GitHub
  A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…
  ☆181Feb 10, 2023Updated 3 years ago
• Cracked5pider / Ekko

  View on GitHub
  Sleep Obfuscation
  ☆814Dec 3, 2023Updated 2 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆294Dec 3, 2023Updated 2 years ago