Alternatives and similar repositories for DarkLnk

Users that are interested in DarkLnk are comparing it to the libraries listed below

• dr4ndrei / OHFFLdr

  View on GitHub
  One-header configurable C++20 COFF loader
  ☆21Jul 21, 2025Updated 6 months ago
• kapellos / LNKSmuggler

  View on GitHub
  A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.
  ☆92Jan 8, 2025Updated last year
• EricEsquivel / Inline-EA

  View on GitHub
  Cobalt Strike BOF for evasive .NET assembly execution
  ☆307Mar 31, 2025Updated 10 months ago
• rtecCyberSec / BitlockMove

  View on GitHub
  Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
  ☆433Jun 27, 2025Updated 7 months ago
• praetorian-inc / turnt

  View on GitHub
  A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such …
  ☆385Aug 18, 2025Updated 5 months ago
• whokilleddb / sinister-vsix

  View on GitHub
  Blog/Journal on how to backdoor VSCode extensions
  ☆76Updated this week
• EvanMcBroom / sleepy

  View on GitHub
  A lexer and parser for Sleep
  ☆20May 14, 2025Updated 9 months ago
• Maldev-Academy / ExecutePeFromPngViaLNK

  View on GitHub
  Extract and execute a PE embedded within a PNG file using an LNK file.
  ☆466Nov 2, 2024Updated last year
• Teach2Breach / dll2shell

  View on GitHub
  converts sRDI compatible dlls to shellcode
  ☆35Jan 20, 2025Updated last year
• antroguy / GetAccessTokenWithSSOCookie

  View on GitHub
  ☆50Jun 4, 2025Updated 8 months ago
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆152Mar 25, 2025Updated 10 months ago
• mochabyte0x / TrampoLatte

  View on GitHub
  A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
  ☆18Jun 26, 2025Updated 7 months ago
• Maldev-Academy / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆54May 12, 2025Updated 9 months ago
• MEhrn00 / boflink

  View on GitHub
  Linker for Beacon Object Files
  ☆149Updated this week
• 0xRedpoll / ludus_cobaltstrike_teamserver

  View on GitHub
  Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers
  ☆18Mar 19, 2025Updated 10 months ago
• Tylous / FaceDancer

  View on GitHub
  FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi…
  ☆399Sep 26, 2024Updated last year
• Cipher7 / ChaiLdr

  View on GitHub
  AV bypass while you sip your Chai!
  ☆226May 17, 2024Updated last year
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆139Aug 25, 2025Updated 5 months ago
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆678Oct 23, 2024Updated last year
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆220Oct 30, 2025Updated 3 months ago
• snovvcrash / RemoteRegSave

  View on GitHub
  A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host
  ☆41Dec 8, 2023Updated 2 years ago
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated last year
• JumpsecLabs / WALK_WebAssembly_Lure_Krafter

  View on GitHub
  A web assembly (WASM) phishing lure generator based on pre-built templates and written in Rust with some GenAI assistance. W.A.L.K. aims …
  ☆99Sep 5, 2024Updated last year
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 6 months ago
• jfjallid / go-lsass

  View on GitHub
  Tool to aid in dumping LSASS process remotely
  ☆42Sep 23, 2025Updated 4 months ago
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated 11 months ago
• django-88 / NomadScanner

  View on GitHub
  ☆163Nov 19, 2025Updated 2 months ago
• joaoviictorti / coffeeldr

  View on GitHub
  A COFF Loader written in Rust
  ☆135Dec 1, 2025Updated 2 months ago
• vari-sh / RedTeamGrimoire

  View on GitHub
  🔥📜 Forbidden collection of Red Team sorcery 📜🔥
  ☆331Feb 5, 2026Updated last week
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆296Jul 31, 2024Updated last year
• ricardojoserf / NativeDump

  View on GitHub
  Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
  ☆698May 7, 2025Updated 9 months ago
• MythicAgents / Kharon-Mtc

  View on GitHub
  C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…
  ☆196Dec 30, 2025Updated last month
• AlmondOffSec / DCOMRunAs

  View on GitHub
  Lateral movement with DCOM DLL hijacking
  ☆176Jul 4, 2025Updated 7 months ago
• blurbdust / rainbowcrackalack

  View on GitHub
  Rainbow table generation & lookup tools.
  ☆30Dec 17, 2025Updated last month
• aitorfirm / BlackIris

  View on GitHub
  Thats it! An Open-Source Windows UEFI Rootkit
  ☆28Jul 19, 2025Updated 6 months ago
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆182Jan 17, 2026Updated 3 weeks ago
• ryanq47 / CS-EXTC2-ICMP

  View on GitHub
  An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.
  ☆114Oct 6, 2025Updated 4 months ago
• ElJaviLuki / CobaltStrike_OpenBeacon

  View on GitHub
  Fully functional, from-scratch alternative to the Cobalt Strike Beacon (red teaming tool), offering transparency and flexibility for secu…
  ☆259Mar 13, 2024Updated last year
• 0xNinjaCyclone / EarlyCascade

  View on GitHub
  A PoC for Early Cascade process injection technique.
  ☆208Jan 30, 2025Updated last year