Alternatives and similar repositories for injectAmsiBypass

Users that are interested in injectAmsiBypass are comparing it to the libraries listed below

• sliverarmory / injectEtwBypass

  View on GitHub
  CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
  ☆31Dec 31, 2021Updated 4 years ago
• lwch / crpc

  View on GitHub
  golang rpc框架，支持数据加密传输
  ☆13Jan 19, 2026Updated 3 weeks ago
• Mr-Un1k0d3r / Elevate-System-Trusted-BOF

  View on GitHub
  ☆160Mar 27, 2023Updated 2 years ago
• Octoberfest7 / EventViewerUAC_BOF

  View on GitHub
  Beacon Object File implementation of Event Viewer deserialization UAC bypass
  ☆133May 6, 2022Updated 3 years ago
• knightswd / WindowsHackCode

  View on GitHub
  Code with Windows Hacker
  ☆12Oct 14, 2022Updated 3 years ago
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆138Sep 12, 2022Updated 3 years ago
• netero1010 / Quser-BOF

  View on GitHub
  Cobalt Strike BOF for quser.exe implementation using Windows API
  ☆87Mar 22, 2023Updated 2 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆265Nov 18, 2022Updated 3 years ago
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆105Apr 22, 2022Updated 3 years ago
• NVISOsecurity / CobaltWhispers

  View on GitHub
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…
  ☆243Jan 4, 2023Updated 3 years ago
• boku7 / injectEtwBypass

  View on GitHub
  CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
  ☆301Sep 28, 2021Updated 4 years ago
• mhaskar / MalleableC2-Profiles

  View on GitHub
  A collection of Cobalt Strike Malleable C2 profiles
  ☆36Oct 13, 2020Updated 5 years ago
• timwhitez / Doge-COFFLdr

  View on GitHub
  Its a coff loader ported to go( Modified by TimWhite )
  ☆26Jul 17, 2023Updated 2 years ago
• rsmudge / ZeroLogon-BOF

  View on GitHub
  ☆163Apr 25, 2022Updated 3 years ago
• anthemtotheego / CredBandit

  View on GitHub
  Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…
  ☆219Jul 14, 2021Updated 4 years ago
• Octoberfest7 / KillDefender_BOF

  View on GitHub
  Beacon Object File implementation of pwn1sher's KillDefender
  ☆67Jun 28, 2022Updated 3 years ago
• ZephrFish / DynamicMSBuilder

  View on GitHub
  A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
  ☆38Dec 7, 2025Updated 2 months ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆253Jun 25, 2023Updated 2 years ago
• SaadAhla / D1rkLdr

  View on GitHub
  Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…
  ☆323Aug 2, 2023Updated 2 years ago
• timwhitez / Doge-newSyscall

  View on GitHub
  use shellcode as asm function
  ☆23Mar 29, 2022Updated 3 years ago
• iilegacyyii / ThreadlessInject-BOF

  View on GitHub
  BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
  ☆394Jan 9, 2024Updated 2 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• frkngksl / NiCOFF

  View on GitHub
  COFF and BOF Loader written in Nim
  ☆176Aug 1, 2022Updated 3 years ago
• NoOne-hub / Beacon.dll

  View on GitHub
  Beacon.dll reverse
  ☆141Sep 5, 2021Updated 4 years ago
• frkngksl / ParallelNimcalls

  View on GitHub
  Nim version of MDSec's Parallel Syscall PoC
  ☆124Jan 14, 2022Updated 4 years ago
• Octoberfest7 / Mutants_Sessions_Self-Deletion

  View on GitHub
  Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.
  ☆129Apr 24, 2022Updated 3 years ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆373May 24, 2022Updated 3 years ago
• OffenseTeacher / Steganim

  View on GitHub
  ☆46Jun 21, 2023Updated 2 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆276Jan 23, 2025Updated last year
• S3cur3Th1sSh1t / Nim_DInvoke

  View on GitHub
  D/Invoke implementation in Nim
  ☆103Jun 8, 2022Updated 3 years ago
• apokryptein / secinject

  View on GitHub
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆102Jan 7, 2022Updated 4 years ago
• Octoberfest7 / DropSpawn_BOF

  View on GitHub
  CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
  ☆285Jun 8, 2023Updated 2 years ago
• boku7 / spawn

  View on GitHub
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆469Mar 8, 2023Updated 2 years ago
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• mdsecactivebreach / ParallelSyscalls

  View on GitHub
  ☆169Jan 7, 2022Updated 4 years ago
• nickvangilder / To-Safe-Mode-And-Beyond

  View on GitHub
  A tool for leveraging elevated acess over a computer to boot the computer into Windows Safe Mode, alter settings, and then boot back into…
  ☆16Nov 6, 2021Updated 4 years ago
• XTeam-Wing / SharpMimikatz

  View on GitHub
  Csharp 反射加载dll
  ☆41Aug 8, 2021Updated 4 years ago
• passthehashbrowns / BOFMask

  View on GitHub
  ☆126Jun 28, 2023Updated 2 years ago
• BronzeTicket / ClipboardWindow-Inject

  View on GitHub
  CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback
  ☆68Sep 15, 2022Updated 3 years ago