Alternatives and similar repositories for winsos-poc

Users that are interested in winsos-poc are comparing it to the libraries listed below

• rasta-mouse / CsWhispers

  View on GitHub
  Source generator to add D/Invoke and indirect syscall methods to a C# project.
  ☆186Mar 4, 2024Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆432Dec 21, 2023Updated 2 years ago
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV

  View on GitHub
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆288May 27, 2024Updated last year
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Jan 11, 2026Updated last month
• Kudaes / ADPT

  View on GitHub
  DLL proxying for lazy people
  ☆198Dec 1, 2025Updated 2 months ago
• outflanknl / unmanaged-dotnet-patch

  View on GitHub
  Modify managed functions from unmanaged code
  ☆53Feb 1, 2024Updated 2 years ago
• maliciousgroup / RDI-SRDI

  View on GitHub
  This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".
  ☆85Apr 11, 2023Updated 2 years ago
• Mr-Un1k0d3r / .NetConfigLoader

  View on GitHub
  .net config loader
  ☆348Nov 9, 2023Updated 2 years ago
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆266Apr 8, 2025Updated 10 months ago
• Maldev-Academy / RemoteTLSCallbackInjection

  View on GitHub
  Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
  ☆286Jan 21, 2024Updated 2 years ago
• klezVirus / DriverJack

  View on GitHub
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆359Aug 11, 2024Updated last year
• rad9800 / hwbp4mw

  View on GitHub
  ☆274Jan 14, 2023Updated 3 years ago
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆404Sep 6, 2024Updated last year
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆772Jan 26, 2026Updated 3 weeks ago
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆457Aug 2, 2024Updated last year
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• pard0p / CallstackSpoofingPOC

  View on GitHub
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆425Feb 11, 2024Updated 2 years ago
• antonioCoco / SspiUacBypass

  View on GitHub
  Bypassing UAC with SSPI Datagram Contexts
  ☆460Sep 24, 2023Updated 2 years ago
• Maldev-Academy / Christmas

  View on GitHub
  ☆259Jan 21, 2024Updated 2 years ago
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,199Oct 16, 2023Updated 2 years ago
• CICADA8-Research / COMThanasia

  View on GitHub
  A set of programs for analyzing common vulnerabilities in COM
  ☆246Sep 8, 2024Updated last year
• itaymigdal / LOLSpoof

  View on GitHub
  An interactive shell to spoof some LOLBins command line
  ☆188Jan 27, 2024Updated 2 years ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• 0xEr3bus / RdpStrike

  View on GitHub
  Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
  ☆249Jun 11, 2024Updated last year
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆106Aug 21, 2024Updated last year
• bananabr / Givemeahand

  View on GitHub
  A PoC tool for exploiting leaked process and thread handles
  ☆32Feb 13, 2024Updated 2 years ago
• ad0nis / ntlm_relay_gat

  View on GitHub
  ☆168Feb 29, 2024Updated last year
• Wh04m1001 / CVE-2024-20656

  View on GitHub
  ☆137Jan 14, 2024Updated 2 years ago
• nettitude / SharpConflux

  View on GitHub
  ☆65Mar 15, 2024Updated last year
• Helixo32 / CrimsonEDR

  View on GitHub
  Simulate the behavior of AV/EDR for malware development training.
  ☆561Feb 15, 2024Updated 2 years ago
• fin3ss3g0d / NativeThreadpool

  View on GitHub
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆88Feb 11, 2024Updated 2 years ago
• fortra / hw-call-stack

  View on GitHub
  Use hardware breakpoints to spoof the call stack for both syscalls and API calls
  ☆201Jun 6, 2024Updated last year
• reveng007 / Learning-EDR-and-EDR_Evasion

  View on GitHub
  I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning …
  ☆287Aug 1, 2025Updated 6 months ago
• Kudaes / Fiber

  View on GitHub
  Using fibers to run in-memory code.
  ☆240Oct 19, 2023Updated 2 years ago
• ZephrFish / DynamicMSBuilder

  View on GitHub
  A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
  ☆38Dec 7, 2025Updated 2 months ago
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆539Feb 13, 2024Updated 2 years ago
• OtterHacker / Hooker

  View on GitHub
  ☆109Oct 29, 2024Updated last year
• nettitude / Aladdin

  View on GitHub
  ☆225Oct 22, 2023Updated 2 years ago
• dobin / RedEdr

  View on GitHub
  Collect Windows telemetry for Maldev
  ☆455Jan 30, 2026Updated 2 weeks ago