Alternatives and similar repositories for HiveSwarming

Users that are interested in HiveSwarming are comparing it to the libraries listed below

• nmantani / PS-MOTW
  PS-MOTW: PowerShell scripts to set / show / remove MOTW (Mark of the Web)
  ☆54Updated 2 years ago
• Slowerzs / CryptDecryptMemory
  ☆31Updated last year
• jdu2600 / Get-InjectedThreadEx
  Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
  ☆51Updated 2 years ago
• OtterHacker / Hooker
  ☆108Updated last year
• whokilleddb / ETWListicle
  List the ETW provider(s) in the registration table of a process.
  ☆80Updated 2 years ago
• olafhartong / PockETWatcher
  a tiny program to consume from ETW providers for research
  ☆53Updated last year
• joe-desimone / rep-research
  ☆79Updated last year
• MaorSabag / Paruns-Fart
  Just another ntdll unhooking using Parun's Fart technique
  ☆76Updated 2 years ago
• praetorian-inc / swarmer
  A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN
  ☆74Updated 2 weeks ago
• whokilleddb / function-collections
  A collection of PoCs to do common things in unconventional ways
  ☆122Updated 5 months ago
• Maldev-Academy / PrefetchFileParser
  A lightweight Windows Prefetch file parser to extract programs' execution history
  ☆62Updated 3 weeks ago
• ghostbyt3 / BYOVDFinder
  Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.
  ☆75Updated 6 months ago
• klezVirus / koppeling-p
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆78Updated last year
• yo-yo-yo-jbo / commandline_spoofing
  Commandline spoofing on Windows
  ☆92Updated 2 months ago
• bot984397 / eepy
  ☆38Updated 9 months ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆101Updated 2 weeks ago
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆177Updated last year
• ibaiC / FriendlyFireBOF
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆57Updated 9 months ago
• ricardojoserf / NativeNtdllRemap
  Remap ntdll.dll using only NTAPI functions with a suspended process
  ☆27Updated 9 months ago
• synacktiv / keebcap
  Win32 keylogger that supports all (non-ime using) languages correctly
  ☆53Updated 2 years ago
• Print3M / epic
  PIC shellcode (C/C++) development toolkit designed for malware developers.
  ☆119Updated last month
• netero1010 / SCCMVNC
  A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications.…
  ☆115Updated last year
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆17Updated last year
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆81Updated 7 months ago
• jborean93 / AmsiProvider
  Test AMSI Provider implementation in C#
  ☆42Updated last year
• whokilleddb / sinister-vsix
  Blog/Journal on how to backdoor VSCode extensions
  ☆76Updated 6 months ago
• dis0rder0x00 / stillepost
  Using Chromium-based browsers as a proxy for C2 traffic.
  ☆140Updated 2 months ago
• Teach2Breach / early_cascade_inj_rs
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Updated last year
• kapellos / LNKSmuggler
  A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.
  ☆92Updated last year
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆39Updated last year