Alternatives and similar repositories for ARL

Users that are interested in ARL are comparing it to the libraries listed below

• waawaa / Hooked-Injector
  Hooked create process injection for meterpreter
  ☆23Updated 4 years ago
• rbmm / SDD
  Self Delete DLL
  ☆23Updated last year
• sudonoodle / Aggressor-NTFY
  Cobalt Strike notifications via NTFY.
  ☆13Updated 9 months ago
• whokilleddb / funcshenanigans
  A bunch of shenanigans using functions, VEH and more
  ☆24Updated 2 weeks ago
• rbmm / Hollowed-Process
  ☆26Updated 4 months ago
• fern89 / runpe-x64
  RunPE adapted for x64 and written in C, does not use RWX
  ☆26Updated last year
• SolomonSklash / COM-Hijacking
  An example of COM hijacking using a proxy DLL.
  ☆28Updated 3 years ago
• hackerhouse-opensource / envschtasksuacbypass
  Bypass UAC elevation on Windows 8 (build 9600) & above.
  ☆56Updated 2 years ago
• FuzzySecurity / SAFACon-Vienna
  ☆23Updated last year
• Octoberfest7 / Proxy_Egress_Persistence
  A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies
  ☆32Updated 2 years ago
• fin3ss3g0d / HookFinder
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆36Updated last year
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆54Updated 2 years ago
• G0ldenGunSec / DayBird
  Extension functionality for the NightHawk operator client
  ☆27Updated last year
• Adepts-Of-0xCC / SnoopyOwl
  ☆48Updated 4 years ago
• EvanMcBroom / sleepy
  A lexer and parser for Sleep
  ☆20Updated last month
• Slowerzs / CryptDecryptMemory
  ☆30Updated 6 months ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• paranoidninja / DotNetTracer
  C code to enable ETW tracing for Dotnet Assemblies
  ☆31Updated 2 years ago
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 3 years ago
• FalconForceTeam / bof-winrm-plugin-jump
  ☆27Updated 5 months ago
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆39Updated last year
• Allevon412 / BreadManModuleStomping
  ☆43Updated last year
• bot984397 / eepy
  ☆30Updated 2 months ago
• zimnyaa / stoplooking
  A simple BOF that disables some logging with NtSetInformationProcess
  ☆13Updated last year
• houseofint3 / windows-ps-callbacks-experiments
  Files for http://blog.deniable.org/posts/windows-callbacks/
  ☆12Updated 2 years ago
• OtterHacker / CoffLoader
  ☆54Updated 2 years ago
• rbmm / DirectSysCall
  ☆12Updated last year
• thiagomayllart / DarkMelkor
  Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.
  ☆28Updated 3 years ago
• a7t0fwa7 / SymProcSleuth
  A pure C version of SymProcAddress
  ☆27Updated last year
• thalpius / Microsoft-Defender-for-Identity-Encrypted-Password
  ☆36Updated last year