Alternatives and similar repositories for tradecraft

Users that are interested in tradecraft are comparing it to the libraries listed below

• reecdeep / hollowise
  Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …
  ☆36Updated 4 months ago
• zero2504 / FrostLock-Injection
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆25Updated 2 months ago
• Crowdfense / CVE-2024-21338
  Windows AppLocker Driver (appid.sys) LPE
  ☆62Updated 10 months ago
• outflanknl / Training-MSOfficeOffensiveTradecraft
  Info related to the Outflank training: Microsoft Office Offensive Tradecraft
  ☆52Updated last year
• xelemental / Mal-LNK-Generator
  ☆34Updated 2 months ago
• cbwang505 / FilesystemEoPDesktopSystemShell
  Folder Or File Delete to Get System Shell on Current Session Desktop
  ☆39Updated 5 months ago
• naksyn / talks
  Repo containing my public talks
  ☆23Updated 2 years ago
• joe-desimone / rep-research
  ☆75Updated 10 months ago
• CaptainNox / Hypnos
  A more reliable way of resolving syscall numbers in Windows
  ☆49Updated last year
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆38Updated 11 months ago
• klezVirus / koppeling-p
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆78Updated 10 months ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆100Updated last year
• Pascal-0x90 / sideloadr
  Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).
  ☆57Updated 2 years ago
• Dump-GUY / Get-PDInvokeImports
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆54Updated 3 years ago
• Offensive-Panda / DV_NEW
  This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)
  ☆48Updated last year
• RussianPanda95 / IDAPython
  IDA Python scripts
  ☆37Updated 2 months ago
• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆116Updated 11 months ago
• itaymigdal / PichichiH0ll0wer
  Nim process hollowing loader
  ☆57Updated 10 months ago
• Slowerzs / KeyJumper
  ☆48Updated 3 months ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• cod3nym / Ghosting-AMSI
  Ghosting-AMSI
  ☆17Updated last month
• 0xTriboulet / T-70
  A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system
  ☆39Updated 7 months ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆51Updated last year
• peiga / DumpThatLSASS
  Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation
  ☆31Updated 2 years ago
• Wh04m1001 / GamingServiceEoP5
  ☆28Updated last year
• Mr-Un1k0d3r / BOFCode
  Bunch of BOF files
  ☆32Updated 6 months ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆62Updated last week
• OffenseTeacher / Steganim
  ☆48Updated 2 years ago
• V-i-x-x / win11-kernel-execution-syscall-hijack
  ☆25Updated last week
• a7t0fwa7 / SymProcSleuth
  A pure C version of SymProcAddress
  ☆27Updated last year