Alternatives and similar repositories for Etwti-UnhookPOC

Users that are interested in Etwti-UnhookPOC are comparing it to the libraries listed below

• ScriptIdiot / sleepmask_ekko_cfg
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆48Updated 2 years ago
• Hagrid29 / BOF-CredUI
  Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
  ☆23Updated 3 years ago
• thiagomayllart / DarkMelkor
  Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.
  ☆28Updated 4 years ago
• jsecu / ElevatedEvents
  ☆31Updated 3 years ago
• MaorSabag / fileSearcher
  A simple BOF (Beacon Object File) to search files in the system
  ☆15Updated 2 years ago
• TomOS3 / UserModeUnhooking
  This project is created for research into antivirus evasion by unhooking.
  ☆18Updated 4 years ago
• EspressoCake / DLL-Exports-Extraction-BOF
  DLL Exports Extraction BOF with optional NTFS transactions.
  ☆84Updated 4 years ago
• Allevon412 / BreadManModuleStomping
  ☆44Updated 2 years ago
• zimnyaa / PhaseDive
  Sleep Obfuscation
  ☆45Updated 3 years ago
• MrAle98 / BOF-RunPE
  ☆58Updated 2 years ago
• snovvcrash / BOFs
  Beacon Object Files (not Buffer Overflows)
  ☆57Updated 2 years ago
• soufianetahiri / CitrixSecureAccessAuthCookieDump
  Dump Citrix Secure Access auth cookie from the process memory
  ☆76Updated 3 years ago
• guervild / InlineZipper
  ☆24Updated 3 years ago
• timwhitez / JmpUnhook
  Ntdll Unhooking POC
  ☆19Updated 3 years ago
• zimawhit3 / DynimicGhostWriting
  Windows x64 Process Injection via Ghostwriting with Dynamic Configuration
  ☆29Updated 4 years ago
• artemy-ccrsky / DecryptRecoveryLAPS_RPC
  A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.
  ☆28Updated 6 months ago
• timwhitez / AddressOfEntryPoint-injection
  x64 version
  ☆36Updated 4 years ago
• EspressoCake / BOF_NativeAPI_Definitions-VSCode
  A VSCode plugin to assist with BOF development.
  ☆37Updated last year
• susMdT / effective-waffle
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69Updated 2 years ago
• Mav3rick33 / ZenLdr
  Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
  ☆102Updated 2 years ago
• GetRektBoy724 / HalosUnhooker
  Halos Gate-based NTAPI Unhooker
  ☆52Updated 3 years ago
• SolomonSklash / netntlm
  A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP
  ☆37Updated 4 years ago
• mobdk / Upsilon
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆92Updated 4 years ago
• nick-frischkorn / SuspendEventLogBOF
  Beacon Object File to locate and suspend the threads hosting the Event Log service
  ☆28Updated 3 years ago
• KingOfTheNOPs / EnableWebDAVClient-BOF
  Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts
  ☆23Updated 2 years ago
• Cobalt-Strike / obfuscator-llvm
  ☆57Updated last year
• seahop / titan
  Titan: A generic user defined reflective DLL for Cobalt Strike
  ☆85Updated 3 years ago
• netero1010 / Quser-BOF
  Cobalt Strike BOF for quser.exe implementation using Windows API
  ☆87Updated 2 years ago
• eladshamir / SharpElevator
  SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe…
  ☆60Updated 3 years ago
• 0x3rhy / GetClipboard
  Cobalt Strike Get clipboard plugin
  ☆15Updated 2 years ago