Alternatives and similar repositories for donut-decryptor

Users that are interested in donut-decryptor are comparing it to the libraries listed below

• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆100Oct 7, 2023Updated 2 years ago
• joe-desimone / patriot

  View on GitHub
  ☆153Jul 31, 2022Updated 3 years ago
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Jan 11, 2026Updated last month
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• matterpreter / cpuid

  View on GitHub
  A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
  ☆27Sep 15, 2023Updated 2 years ago
• rasta-mouse / CsWhispers

  View on GitHub
  Source generator to add D/Invoke and indirect syscall methods to a C# project.
  ☆186Mar 4, 2024Updated last year
• zimnyaa / LEOPARDSEAL

  View on GitHub
  A simple Linux in-memory .so loader
  ☆33Mar 29, 2023Updated 2 years ago
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated 11 months ago
• decoder-it / TokenStealer

  View on GitHub
  ☆163Oct 25, 2023Updated 2 years ago
• elastic / Silhouette

  View on GitHub
  Keep it secret, keep it safe
  ☆80Feb 6, 2025Updated last year
• oldboy21 / SHGenOb

  View on GitHub
  Python based tool for generating Shellcode from PIC C
  ☆43Nov 6, 2025Updated 3 months ago
• 0xthirteen / reg_snake

  View on GitHub
  Python tool to interact with WMI StdRegProv
  ☆60Nov 19, 2024Updated last year
• HullaBrian / COMmander

  View on GitHub
  .NET tool used to enrich RPC telemetry
  ☆101Jan 24, 2026Updated 2 weeks ago
• 0xflux / Vectored-Exception-Handling-Squared

  View on GitHub
  Vectored Exception Handling Squared
  ☆29Dec 27, 2025Updated last month
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆106Aug 21, 2024Updated last year
• thefLink / Hunt-Weird-ImageLoads

  View on GitHub
  Small tool to play with IOCs caused by Imageload events
  ☆44May 14, 2023Updated 2 years ago
• byt3bl33d3r / NimDllSideload

  View on GitHub
  DLL sideloading/proxying with Nim!
  ☆175Dec 4, 2022Updated 3 years ago
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆609Jan 2, 2025Updated last year
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• knight0x07 / BumbleCrypt

  View on GitHub
  A Bumblebee-inspired Crypter
  ☆80Dec 5, 2022Updated 3 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆243Sep 26, 2023Updated 2 years ago
• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆253Oct 16, 2024Updated last year
• x0reaxeax / PageSplit

  View on GitHub
  Splitting and executing shellcode across multiple pages
  ☆103Jun 8, 2023Updated 2 years ago
• pygrum / gimmick

  View on GitHub
  Section-based payload obfuscation technique for x64
  ☆64Aug 8, 2024Updated last year
• REDMED-X / InjectKit

  View on GitHub
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆105Jan 24, 2024Updated 2 years ago
• Cracked5pider / LdrLibraryEx

  View on GitHub
  A small x64 library to load dll's into memory.
  ☆455Nov 6, 2023Updated 2 years ago
• itaymigdal / GhostNap

  View on GitHub
  Sleep obfuscation for shellcode implants and their reflective shit
  ☆53Sep 19, 2023Updated 2 years ago
• CognisysGroup / SweetDreams

  View on GitHub
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆225Jul 25, 2023Updated 2 years ago
• Helixo32 / NimReflectiveLoader

  View on GitHub
  NimReflectiveLoader is a Nim-based tool for in-memory DLL execution using Reflective DLL Loading.
  ☆30Jan 21, 2024Updated 2 years ago
• bananabr / CLRInjector

  View on GitHub
  A PoC .NET-specific process injection tool
  ☆57Mar 17, 2024Updated last year
• cpu0x00 / SharpReflectivePEInjection

  View on GitHub
  reflectively load and execute PEs locally and remotely bypassing EDR hooks
  ☆164Jan 4, 2024Updated 2 years ago
• zimnyaa / stoplooking

  View on GitHub
  A simple BOF that disables some logging with NtSetInformationProcess
  ☆13Oct 13, 2023Updated 2 years ago
• bohops / DynamicDotNet

  View on GitHub
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆146May 18, 2024Updated last year
• outflanknl / edr-internals

  View on GitHub
  Tools for analyzing EDR agents
  ☆277Jun 10, 2024Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆325Apr 12, 2024Updated last year
• S3cur3Th1sSh1t / NimShellcodeFluctuation

  View on GitHub
  ShellcodeFluctuation PoC ported to Nim
  ☆79Oct 14, 2022Updated 3 years ago
• naksyn / ProcessStomping

  View on GitHub
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆148Dec 16, 2023Updated 2 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆246Jul 9, 2024Updated last year
• Dec0ne / DllNotificationInjection

  View on GitHub
  A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…
  ☆465Aug 23, 2023Updated 2 years ago