Alternatives and similar repositories for whoamsi

Users that are interested in whoamsi are comparing it to the libraries listed below

• Barbarisch / forkatz

  View on GitHub
  credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege
  ☆123May 22, 2021Updated 4 years ago
• anthemtotheego / CredBandit

  View on GitHub
  Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…
  ☆219Jul 14, 2021Updated 4 years ago
• TheWover / DInvoke

  View on GitHub
  Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
  ☆772Dec 21, 2022Updated 3 years ago
• nettitude / ShellcodeMutator

  View on GitHub
  ☆247Dec 16, 2022Updated 3 years ago
• itm4n / PPLdump

  View on GitHub
  Dump the memory of a PPL with a userland exploit
  ☆892Jul 24, 2022Updated 3 years ago
• outflanknl / TamperETW

  View on GitHub
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆192Mar 26, 2020Updated 5 years ago
• CCob / MirrorDump

  View on GitHub
  Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…
  ☆269Mar 18, 2021Updated 4 years ago
• LloydLabs / process-enumeration-stealth

  View on GitHub
  ☆83Aug 26, 2024Updated last year
• Mr-Un1k0d3r / EDRs

  View on GitHub
  ☆2,169Feb 21, 2023Updated 2 years ago
• hlldz / RefleXXion

  View on GitHub
  RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …
  ☆502Jan 25, 2022Updated 4 years ago
• RedCursorSecurityConsulting / PPLKiller

  View on GitHub
  Tool to bypass LSA Protection (aka Protected Process Light)
  ☆986Dec 4, 2022Updated 3 years ago
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆675Dec 23, 2022Updated 3 years ago
• med0x2e / ExecuteAssembly

  View on GitHub
  Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…
  ☆595Jul 26, 2021Updated 4 years ago
• nettitude / RunOF

  View on GitHub
  ☆152Jan 6, 2023Updated 3 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆504Aug 14, 2022Updated 3 years ago
• bohops / UltimateWDACBypassList

  View on GitHub
  A centralized resource for previously documented WDAC bypass techniques
  ☆606Sep 8, 2025Updated 5 months ago
• X-C3LL / wfp-reader

  View on GitHub
  Proof of concept - Covert Channel using Windows Filtering Platform (C#)
  ☆21Aug 29, 2021Updated 4 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆301Oct 26, 2022Updated 3 years ago
• checkymander / Carbuncle

  View on GitHub
  Tool for interacting with outlook interop during red team engagements
  ☆146Jun 29, 2021Updated 4 years ago
• rad9800 / WTSRM

  View on GitHub
  WTSRM
  ☆216Aug 7, 2022Updated 3 years ago
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆148Feb 11, 2023Updated 3 years ago
• Mr-Un1k0d3r / AMSI-ETW-Patch

  View on GitHub
  Patch AMSI and ETW
  ☆249May 8, 2024Updated last year
• Cracked5pider / Ekko

  View on GitHub
  Sleep Obfuscation
  ☆814Dec 3, 2023Updated 2 years ago
• G0ldenGunSec / SharpTransactedLoad

  View on GitHub
  Load .net assemblies from memory while having them appear to be loaded from an on-disk location.
  ☆173May 5, 2021Updated 4 years ago
• PwnDexter / SharpEDRChecker

  View on GitHub
  Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…
  ☆738Oct 28, 2025Updated 3 months ago
• jthuraisamy / SysWhispers2

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,789Sep 3, 2022Updated 3 years ago
• jfmaes / SharpHandler

  View on GitHub
  ☆185Jan 5, 2021Updated 5 years ago
• mdsecactivebreach / Farmer

  View on GitHub
  ☆415Apr 28, 2021Updated 4 years ago
• boku7 / spawn

  View on GitHub
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆469Mar 8, 2023Updated 2 years ago
• Mr-Un1k0d3r / SCShell

  View on GitHub
  Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  ☆1,594Jul 10, 2023Updated 2 years ago
• CCob / SharpBlock

  View on GitHub
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,164Mar 31, 2021Updated 4 years ago
• pwn1sher / KillDefender

  View on GitHub
  A small POC to make defender useless by removing its token privileges and lowering the token integrity
  ☆689Jun 28, 2022Updated 3 years ago
• klezVirus / CheeseTools

  View on GitHub
  Self-developed tools for Lateral Movement/Code Execution
  ☆718Aug 17, 2021Updated 4 years ago
• RedSection / OffensivePH

  View on GitHub
  OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
  ☆334Oct 9, 2021Updated 4 years ago
• GetRektBoy724 / SharpUnhooker

  View on GitHub
  C# Based Universal API Unhooker
  ☆411Feb 18, 2022Updated 3 years ago
• lawiet47 / STFUEDR

  View on GitHub
  Silence EDRs by removing kernel callbacks
  ☆239Dec 7, 2020Updated 5 years ago
• FalconForceTeam / SysWhispers2BOF

  View on GitHub
  Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs
  ☆127May 24, 2022Updated 3 years ago
• 0xsp-SRD / callback_injection-Csharp

  View on GitHub
  this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…
  ☆88Jun 24, 2022Updated 3 years ago
• antonioCoco / MalSeclogon

  View on GitHub
  A little tool to play with the Seclogon service
  ☆328Jul 10, 2022Updated 3 years ago