Alternatives and similar repositories for the-poor-mans-obfuscator

Users that are interested in the-poor-mans-obfuscator are comparing it to the libraries listed below

• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆149Feb 11, 2023Updated 3 years ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• RedSiege / PersistAssist

  View on GitHub
  Fully modular persistence framework
  ☆258Apr 10, 2023Updated 2 years ago
• CryptoExperts / wyverse

  View on GitHub
  White-box analytic framework based on LLVM
  ☆39Jun 10, 2019Updated 6 years ago
• JannisKirschner / SymbolicExecutionDemystified

  View on GitHub
  Slides and Material for "SymbolicExecutionDemystified" Presentation @ Insomni'Hack 2022
  ☆100Mar 26, 2022Updated 3 years ago
• audibleblink / davil

  View on GitHub
  leaking net-ntlm with webdav
  ☆26Feb 23, 2021Updated 4 years ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆373May 24, 2022Updated 3 years ago
• codewhitesec / Lastenzug

  View on GitHub
  Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
  ☆235Oct 18, 2022Updated 3 years ago
• evm-sec / high-pcode

  View on GitHub
  Output high level Pcode (PcodeAST) in Ghidra
  ☆16Apr 7, 2023Updated 2 years ago
• djhohnstein / CSharpCreateThreadExample

  View on GitHub
  C# code to run PIC using CreateThread
  ☆17Apr 19, 2019Updated 6 years ago
• romainthomas / reverse-engineering-workshop

  View on GitHub
  Slides & Hands-on for the reverse engineering workshop
  ☆184Dec 5, 2022Updated 3 years ago
• asaurusrex / MachoBins

  View on GitHub
  ☆15Jul 20, 2022Updated 3 years ago
• rad9800 / WTSRM

  View on GitHub
  WTSRM
  ☆216Aug 7, 2022Updated 3 years ago
• icyguider / nimcrypt

  View on GitHub
  PE Crypter written in Nim
  ☆101Mar 25, 2021Updated 4 years ago
• dr4k0nia / Origami

  View on GitHub
  Packer compressing .net assemblies, (ab)using the PE format for data storage
  ☆177Jan 14, 2023Updated 3 years ago
• SheLLVM / SheLLVM

  View on GitHub
  A collection of LLVM transform and analysis passes to write shellcode in regular C
  ☆381Jun 12, 2023Updated 2 years ago
• mrT4ntr4 / MODeflattener

  View on GitHub
  MODeflattener deobfuscates control flow flattened functions obfuscated by OLLVM using Miasm.
  ☆203Jul 23, 2021Updated 4 years ago
• zimnyaa / inmembof.py

  View on GitHub
  A small example of loading BOFs in Python with pure reflection
  ☆19Jan 26, 2023Updated 3 years ago
• pathtofile / PPLRunner

  View on GitHub
  Run Processes as PPL with ELAM
  ☆175Mar 17, 2022Updated 3 years ago
• pwn1sher / frostbyte

  View on GitHub
  FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads
  ☆386Apr 16, 2022Updated 3 years ago
• cedowens / Dylib_Runner

  View on GitHub
  Swift code to run a dylib on disk
  ☆16May 9, 2022Updated 3 years ago
• eset / stadeo

  View on GitHub
  Control-flow-flattening and string deobfuscator
  ☆160Nov 8, 2021Updated 4 years ago
• memN0ps / venom-rs

  View on GitHub
  Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
  ☆360Mar 2, 2024Updated last year
• meme / hellscape

  View on GitHub
  GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE.
  ☆403Jan 18, 2021Updated 5 years ago
• Sentinel-One / peafl64

  View on GitHub
  Static Binary Instrumentation tool for Windows x64 executables
  ☆207Sep 29, 2025Updated 4 months ago
• thefLink / RecycledGate

  View on GitHub
  Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
  ☆498Feb 3, 2022Updated 4 years ago
• atredis-jordan / SymbolicTriagePost

  View on GitHub
  Supporting Materials for “Symbolic Triage” blog post
  ☆24Oct 31, 2022Updated 3 years ago
• Bw3ll / sharem

  View on GitHub
  SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…
  ☆478Jun 25, 2025Updated 7 months ago
• SaadAhla / D1rkLdr

  View on GitHub
  Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…
  ☆323Aug 2, 2023Updated 2 years ago
• slick1015 / pad_unpacker

  View on GitHub
  ☆35Dec 2, 2018Updated 7 years ago
• FrenchYeti / interruptor

  View on GitHub
  Human-friendly cross-platform system call tracing and hooking library based on Frida's Stalker
  ☆356Jul 21, 2023Updated 2 years ago
• aaaddress1 / sakeInject

  View on GitHub
  Windows PE - TLS (Thread Local Storage) Injector in C/C++
  ☆107Jan 3, 2021Updated 5 years ago
• NudistBeaaach / Chained-CFG-obfuscation-pass

  View on GitHub
  LLVM obfuscation pass, flattening at the basic block's level and turning each basic block into a dispacher and each instruction into a ne…
  ☆49Aug 23, 2021Updated 4 years ago
• mgeeky / msi-shenanigans

  View on GitHub
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆90Dec 15, 2022Updated 3 years ago
• TheWover / GhostLoader

  View on GitHub
  GhostLoader - AppDomainManager - Injection - 攻壳机动队
  ☆162May 27, 2020Updated 5 years ago
• shlyuz / teamserver

  View on GitHub
  ☆12Jun 22, 2022Updated 3 years ago
• enkomio / AlanFramework

  View on GitHub
  A C2 post-exploitation framework
  ☆483Jan 24, 2024Updated 2 years ago
• therealdreg / cgaty

  View on GitHub
  Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)
  ☆73Aug 11, 2023Updated 2 years ago
• CCob / ProvisionAppx

  View on GitHub
  ☆39Oct 12, 2022Updated 3 years ago