☆24Feb 1, 2025Updated last year
Alternatives and similar repositories for ARL
Users that are interested in ARL are comparing it to the libraries listed below
Sorting:
- Threadless shellcode injection tool☆68Aug 5, 2024Updated last year
- ☆18Feb 29, 2024Updated 2 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆28May 18, 2024Updated last year
- ☆31Dec 5, 2024Updated last year
- Self Delete DLL☆22Feb 15, 2024Updated 2 years ago
- ☆39Feb 26, 2025Updated last year
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆24Jul 5, 2023Updated 2 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆65Mar 19, 2024Updated 2 years ago
- Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute☆25Jun 5, 2024Updated last year
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Parse SDDL strings☆37Apr 1, 2024Updated last year
- Nemesis agent for Mythic☆28Dec 11, 2025Updated 3 months ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆78Oct 27, 2025Updated 4 months ago
- Amazing whoami alternatives☆140Mar 23, 2024Updated last year
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- ☆57Jan 15, 2024Updated 2 years ago
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated last year
- ☆29Aug 24, 2025Updated 6 months ago
- A lexer and parser for Sleep☆20Feb 20, 2026Updated last month
- PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph☆24Aug 2, 2025Updated 7 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆67Mar 6, 2026Updated 2 weeks ago
- Windows Service with the implementation of the Process hollowing technique to run shellcode☆14Jul 20, 2023Updated 2 years ago
- Modified versions of the Cobalt Strike Process Injection Kit☆106Jan 24, 2024Updated 2 years ago
- ☆31Jul 26, 2024Updated last year
- Click Once + App Domain☆67Feb 23, 2026Updated last month
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Jul 12, 2024Updated last year
- Claude MCP server to perform analysis on ROADrecon data☆49Mar 30, 2025Updated 11 months ago
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆190Mar 4, 2024Updated 2 years ago
- ☆24Sep 26, 2021Updated 4 years ago
- Template-based generation of shellcode loaders☆80Apr 20, 2024Updated last year
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…☆32May 30, 2024Updated last year
- C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll,kernel32.dll,user32.dll,and kernelbase.dll)☆25Mar 7, 2023Updated 3 years ago
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 2 years ago
- ☆52May 4, 2025Updated 10 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆211Jun 10, 2024Updated last year
- ☆100Sep 1, 2024Updated last year
- A public, open source physical security methodology☆47Apr 2, 2024Updated last year
- The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/☆210Jan 29, 2023Updated 3 years ago