Alternatives and similar repositories for scfw

Users that are interested in scfw are comparing it to the libraries listed below

• winterknife / SILVERPICK

  View on GitHub
  Windows User-Mode Shellcode Development Framework (WUMSDF)
  ☆123Nov 17, 2025Updated 2 months ago
• Print3M / epic

  View on GitHub
  PIC shellcode (C/C++) development toolkit designed for malware developers.
  ☆119Dec 23, 2025Updated last month
• outflanknl / seccomp-notify-injection

  View on GitHub
  Linux Process Injection via Seccomp Notifier
  ☆81Dec 9, 2025Updated 2 months ago
• 5tuk0v / PointyTokenz

  View on GitHub
  Windows Access token manipulation tool made in C#
  ☆24Aug 24, 2025Updated 5 months ago
• connormcgarr / SkBridge

  View on GitHub
  Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1
  ☆72Sep 8, 2025Updated 5 months ago
• Octoberfest7 / ThreadCPUAssignment_POC

  View on GitHub
  A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread
  ☆30Sep 24, 2025Updated 4 months ago
• Slowerzs / KeyJumper

  View on GitHub
  ☆53Mar 26, 2025Updated 10 months ago
• umpolungfish / byvalver

  View on GitHub
  takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities
  ☆57Updated this week
• Midi12 / whse

  View on GitHub
  WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API
  ☆26Apr 24, 2022Updated 3 years ago
• floesen / KExecDD

  View on GitHub
  Admin to Kernel code execution using the KSecDD driver
  ☆264Apr 19, 2024Updated last year
• m3rcer / IRvana

  View on GitHub
  Slaying multi-language LLVM IR with obfuscation passes to achieve JIT execution
  ☆130Dec 24, 2025Updated last month
• zer0condition / checkhv_um

  View on GitHub
  tests to catch some sloppy hv impls
  ☆32Dec 17, 2025Updated last month
• itzmeanjan / sha3

  View on GitHub
  Compile-time Evaluable SHA3 in C++: Permutation-based Cryptographic Hashing
  ☆13Updated this week
• warpedatom / OffsetInspect

  View on GitHub
  PowerShell-based utility for mapping byte offsets to source code using hex and ASCII context for detection research and red team tooling.
  ☆31Dec 31, 2025Updated last month
• android1337 / brkida

  View on GitHub
  C++ macro for x64 programs that breaks ida hex-rays decompiler tool.
  ☆137Apr 12, 2024Updated last year
• ColeHouston / Sunder

  View on GitHub
  Windows rootkit designed to work with BYOVD exploits
  ☆214Jan 18, 2025Updated last year
• mmert11 / binaryshield-devirtualizer

  View on GitHub
  llvm powered deobfuscation of a vm-based protection
  ☆46Apr 18, 2025Updated 9 months ago
• Archie-osu / PowerHook

  View on GitHub
  Hooking KPRCB IdlePreselect function to gain execution inside PID 0.
  ☆73Apr 13, 2025Updated 10 months ago
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• thomasxm / Akira-obfuscator

  View on GitHub
  Another LLVM-obfuscator based on LLVM-17. A fork of Arkari
  ☆110Feb 18, 2024Updated last year
• gabriellandau / ShadowStackWalk

  View on GitHub
  Finding Truth in the Shadows
  ☆120Jan 26, 2023Updated 3 years ago
• OmerYa / ROP-From-Zero-to-Nation-State-In-25-Minutes

  View on GitHub
  Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
  ☆16Sep 4, 2020Updated 5 years ago
• flankersky / WinStack

  View on GitHub
  Try to transport the tcpip stack of ReactOS to Windows XP.
  ☆17Feb 27, 2014Updated 11 years ago
• EgeBalci / deoptimizer

  View on GitHub
  Evasion by machine code de-optimization.
  ☆416Jul 22, 2024Updated last year
• therealdreg / ida_vmware_windows_gdb

  View on GitHub
  Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)
  ☆68Aug 11, 2023Updated 2 years ago
• wolfcod / beacondbg

  View on GitHub
  Beacon Debugger
  ☆55Oct 28, 2024Updated last year
• jonomango / pe-builder

  View on GitHub
  Header-only C++ library for producing PE files.
  ☆34Jun 17, 2023Updated 2 years ago
• Friends-Security / RedirectThread

  View on GitHub
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆198Jun 17, 2025Updated 7 months ago
• alfarom256 / MinifilterResearch

  View on GitHub
  ☆16Oct 31, 2022Updated 3 years ago
• therealdreg / symseghelper

  View on GitHub
  Helper scripts for windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode
  ☆19Aug 11, 2023Updated 2 years ago
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls2

  View on GitHub
  ☆70Dec 26, 2025Updated last month
• xaitax / NTSleuth

  View on GitHub
  Comprehensive Windows Syscall Extraction & Analysis Framework
  ☆161Aug 30, 2025Updated 5 months ago
• Maldev-Academy / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆54May 12, 2025Updated 9 months ago
• cbwang505 / unicorn-whpx

  View on GitHub
  跨平台模拟执行unicorn框架基于Qemu的TCG模式(Tiny Code Generator),以无硬件虚拟化支持方式实现全系统的虚拟化,支持跨平台和架构的CPU指令模拟,本文讨论是一款笔者的实验性项目采用Windows Hypervisor Platform虚拟机模式…
  ☆78Dec 17, 2023Updated 2 years ago
• sensepost / pipetap

  View on GitHub
  A Windows Named Pipe Multi-tool / Proxy
  ☆287Dec 7, 2025Updated 2 months ago
• Peribunt / VPGATHER

  View on GitHub
  Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …
  ☆53Dec 30, 2025Updated last month
• mrexodia / zeromcp

  View on GitHub
  Zero-dependency MCP server implementation.
  ☆57Dec 4, 2025Updated 2 months ago
• 0xflux / Vectored-Exception-Handling-Squared

  View on GitHub
  Vectored Exception Handling Squared
  ☆29Dec 27, 2025Updated last month
• JLospinoso / doh

  View on GitHub
  A Privacy-Conscious, DNS-over-HTTP-Enabled, Blacklist-Incorporating SOCKS5 Proxy
  ☆30Feb 28, 2019Updated 6 years ago