Alternatives and similar repositories for Reg-Restore-Persistence-Mole

Users that are interested in Reg-Restore-Persistence-Mole are comparing it to the libraries listed below

• persistent-security / hermes-the-messenger

  View on GitHub
  A PoC for achieving persistence via push notifications on Windows
  ☆48Jun 9, 2023Updated 2 years ago
• HaydoW / NerfDefender

  View on GitHub
  BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
  ☆24Jul 5, 2023Updated 2 years ago
• iamagarre / BadExclusions

  View on GitHub
  BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR
  ☆20Feb 8, 2024Updated 2 years ago
• Allevon412 / SyscallTempering

  View on GitHub
  ☆31Jul 26, 2024Updated last year
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated last year
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• outflanknl / unmanaged-dotnet-patch

  View on GitHub
  Modify managed functions from unmanaged code
  ☆53Feb 1, 2024Updated 2 years ago
• weaselsec / ClickOnce-AppDomain-Manager-Injection

  View on GitHub
  Click Once + App Domain
  ☆64Dec 4, 2023Updated 2 years ago
• dmcxblue / SharpBlackout

  View on GitHub
  Terminate AV/EDR leveraging BYOVD attack
  ☆104Mar 21, 2025Updated 10 months ago
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 2 years ago
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• netbiosX / GhostLoader

  View on GitHub
  GhostLoader - AppDomainManager - Injection - 攻壳机动队
  ☆53May 21, 2020Updated 5 years ago
• rkbennett / pyThreadlessInject

  View on GitHub
  A python port of CCob's ThreadlessInject
  ☆25Mar 18, 2023Updated 2 years ago
• EspressoCake / Defender-Exclusions-Creator-BOF

  View on GitHub
  ☆83Nov 1, 2023Updated 2 years ago
• leftp / DPAPISnoop

  View on GitHub
  A C# tool to output crackable DPAPI hashes from user MasterKeys
  ☆140Sep 14, 2024Updated last year
• tothi / stager_libpeconv

  View on GitHub
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆84Nov 21, 2022Updated 3 years ago
• redskal / malrdp-deploy

  View on GitHub
  Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible
  ☆12Sep 15, 2023Updated 2 years ago
• antroguy / LocklessBof

  View on GitHub
  Lockless BOF
  ☆79May 2, 2025Updated 9 months ago
• Allevon412 / ReflectiveDLLInjector

  View on GitHub
  This program is used to perform reflective DLL Injection to a remote process specified by the user.
  ☆65Jul 11, 2023Updated 2 years ago
• x0reaxeax / PageSplit

  View on GitHub
  Splitting and executing shellcode across multiple pages
  ☆103Jun 8, 2023Updated 2 years ago
• Kudaes / CustomEntryPoint

  View on GitHub
  Select any exported function in a dll as the new dll's entry point.
  ☆82Oct 25, 2024Updated last year
• ewby / Mockingjay_BOF

  View on GitHub
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆158Nov 7, 2023Updated 2 years ago
• c3r3br4t3 / ShadowRDP

  View on GitHub
  ☆75Feb 4, 2024Updated 2 years ago
• Maldev-Academy / MaldevAcademyLdr.1

  View on GitHub
  RunPE implementation with multiple evasive techniques (1)
  ☆381Sep 22, 2023Updated 2 years ago
• parzel / GoSleepyCrypt

  View on GitHub
  In-memory sleep encryption and heap encryption for Go applications through a shellcode function.
  ☆40Jan 14, 2024Updated 2 years ago
• S12cybersecurity / RDPCredentialStealer

  View on GitHub
  RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++
  ☆259Jun 14, 2023Updated 2 years ago
• gabriellandau / EDRSandblast-GodFault

  View on GitHub
  EDRSandblast-GodFault
  ☆271Aug 28, 2023Updated 2 years ago
• wsummerhill / CSharp-Alt-Shellcode-Callbacks

  View on GitHub
  A collection of (even more) alternative shellcode callback methods in CSharp
  ☆81Oct 26, 2024Updated last year
• SaadAhla / D1rkLdr

  View on GitHub
  Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…
  ☆323Aug 2, 2023Updated 2 years ago
• PhrozenIO / SharpShellPipe

  View on GitHub
  This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.
  ☆122Feb 21, 2025Updated 11 months ago
• TunnelGRE / Percino

  View on GitHub
  Evasive Golang Loader
  ☆137Jul 27, 2024Updated last year
• strozfriedberg / DUALITY

  View on GitHub
  ☆18Feb 29, 2024Updated last year
• ibaiC / SafeHarbor-BOF

  View on GitHub
  Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…
  ☆75Oct 27, 2025Updated 3 months ago
• LloydLabs / shellcode-plain-sight

  View on GitHub
  Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
  ☆209Nov 12, 2025Updated 3 months ago
• buzzer-re / Shinigami

  View on GitHub
  A dynamic unpacking tool
  ☆145Sep 17, 2023Updated 2 years ago
• CICADA8-Research / TypeLibWalker

  View on GitHub
  TypeLib persistence technique
  ☆139Oct 22, 2024Updated last year
• x42en / sysplant

  View on GitHub
  Your syscall factory
  ☆126Jan 13, 2026Updated last month
• florylsk / NtRemoteLoad

  View on GitHub
  Remote Shellcode Injector
  ☆221Aug 27, 2023Updated 2 years ago
• dmcxblue / SharpGhostTask

  View on GitHub
  A C# port from Invoke-GhostTask
  ☆119Jan 5, 2024Updated 2 years ago