Alternatives and similar repositories for tradecraft:

Users that are interested in tradecraft are comparing it to the libraries listed below

• reecdeep / hollowise
  Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …
  ☆36Updated 2 months ago
• Crowdfense / CVE-2024-21338
  Windows AppLocker Driver (appid.sys) LPE
  ☆55Updated 8 months ago
• cocomelonc / offzone-2024-malware-persistence-workshop
  OFFZONE 2024 Malware Persistence workshop
  ☆17Updated 4 months ago
• Slowerzs / KeyJumper
  ☆43Updated last month
• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆116Updated 9 months ago
• JanielDary / weetabix
  A C++ PoC implementation for enumerating Windows Fibers directly from memory
  ☆18Updated 11 months ago
• bluefrostsecurity / Windows-Drive-Remapping-EoP
  ☆29Updated last year
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆51Updated last year
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆151Updated 4 months ago
• nothingspecialforu / EvtPsst
  EvtPsst
  ☆53Updated last year
• joe-desimone / rep-research
  ☆72Updated 8 months ago
• jdu2600 / Etw-SyscallMonitor
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆76Updated last year
• Slowerzs / CryptDecryptMemory
  ☆30Updated 4 months ago
• exploits-forsale / CVE-2024-26218
  Proof-of-Concept for CVE-2024-26218
  ☆51Updated last year
• Reijaff / offensive_c
  ☆42Updated 2 years ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆98Updated last year
• xalicex / Unhook-Import-Address-Table
  Piece of code to detect and remove hooks in IAT
  ☆63Updated 2 years ago
• rad9800 / talks
  ☆35Updated last month
• susMdT / ForsHops
  ForsHops
  ☆41Updated last month
• ldpreload / werkernel
  Windows LPE Nday
  ☆25Updated last year
• SolomonSklash / COM-Hijacking
  An example of COM hijacking using a proxy DLL.
  ☆28Updated 3 years ago
• xforcered / Windows_MSKSSRV_LPE_CVE-2023-36802
  LPE exploit for CVE-2023-36802
  ☆22Updated last year
• CaptainNox / Hypnos
  A more reliable way of resolving syscall numbers in Windows
  ☆49Updated last year
• RussianPanda95 / IDAPython
  IDA Python scripts
  ☆35Updated 2 weeks ago
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆74Updated last week
• 20urc3 / Aplos
  Aplos an extremely simple fuzzer for Windows binaries.
  ☆68Updated 2 months ago
• naksyn / talks
  Repo containing my public talks
  ☆23Updated last year
• 0x4d5a-ctf / 38c3_com_talk
  Slides for COM Hijacking AV/EDR Talk on 38c3
  ☆73Updated 3 months ago
• CarlosG13 / Process-Hypnosis-Debugger-assisted-control-flow-hijack
  ☆34Updated last year
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆39Updated last year