Alternatives and similar repositories for exe_who

Users that are interested in exe_who are comparing it to the libraries listed below

• Mr-Un1k0d3r / Cookie-and-Handle-Stealer

  View on GitHub
  C or BOF file to extract WebKit master key to decrypt user cookie
  ☆207Apr 29, 2024Updated last year
• MrAle98 / BOF-RunPE

  View on GitHub
  ☆57Apr 19, 2023Updated 2 years ago
• mez-0 / InMemoryNET

  View on GitHub
  Exploring in-memory execution of .NET
  ☆138Apr 20, 2022Updated 3 years ago
• whokilleddb / injection-for-dummies

  View on GitHub
  A collection of PoCs for different injection techniques on Windows!
  ☆49Aug 27, 2023Updated 2 years ago
• memN0ps / venom-rs

  View on GitHub
  Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
  ☆360Mar 2, 2024Updated last year
• NUL0x4C / KnownDllUnhook

  View on GitHub
  Replace the .txt section of the current loaded modules from \KnownDlls\
  ☆305Sep 28, 2022Updated 3 years ago
• Ben-Lichtman / reloader

  View on GitHub
  Reflective DLL self-loading as a library
  ☆21May 3, 2025Updated 9 months ago
• CodeXTF2 / WindowSpy

  View on GitHub
  WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
  ☆281Feb 24, 2025Updated 11 months ago
• Crypt0s / DelegationBOF

  View on GitHub
  ☆142May 4, 2022Updated 3 years ago
• Octoberfest7 / Cohab_Processes

  View on GitHub
  A small Aggressor script to help Red Teams identify foreign processes on a host machine
  ☆84Jan 6, 2023Updated 3 years ago
• rkbennett / pybof

  View on GitHub
  Python module for running BOFs
  ☆79Nov 28, 2025Updated 2 months ago
• GetRektBoy724 / SyscallShuffler

  View on GitHub
  Your NTDLL vaccine from modern direct syscall methods.
  ☆36Apr 5, 2022Updated 3 years ago
• PhrozenIO / SharpShellPipe

  View on GitHub
  This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.
  ☆122Feb 21, 2025Updated 11 months ago
• crypt0p3g / bof-collection

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆186Dec 5, 2022Updated 3 years ago
• Signal-Labs / iat_unhook_sample

  View on GitHub
  (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…
  ☆136Mar 3, 2025Updated 11 months ago
• Kudaes / RustChain

  View on GitHub
  Hide memory artifacts using ROP and hardware breakpoints.
  ☆147Oct 20, 2023Updated 2 years ago
• fortalice / bofhound

  View on GitHub
  Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
  ☆387Feb 23, 2024Updated last year
• garrettfoster13 / aced

  View on GitHub
  ☆197Aug 28, 2025Updated 5 months ago
• Bw3ll / ShellWasp

  View on GitHub
  ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…
  ☆171Aug 1, 2023Updated 2 years ago
• mgeeky / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆14Sep 18, 2021Updated 4 years ago
• OccamsXor / Dragnmove

  View on GitHub
  Infect Shared Files In Memory for Lateral Movement
  ☆196Dec 14, 2022Updated 3 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• georgesotiriadis / Chimera

  View on GitHub
  Automated DLL Sideloading Tool With EDR Evasion Capabilities
  ☆502Dec 19, 2023Updated 2 years ago
• EspressoCake / BOF_Development_Docker

  View on GitHub
  A VSCode devcontainer for development of COFF files with batteries included.
  ☆50Jul 10, 2023Updated 2 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆482Jul 12, 2023Updated 2 years ago
• CymulateResearch / Blindside

  View on GitHub
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆134Dec 20, 2022Updated 3 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆321Jul 2, 2023Updated 2 years ago
• 0x00Check / ExploitLeakedHandle

  View on GitHub
  Identify and exploit leaked handles for local privilege escalation.
  ☆111Jun 19, 2023Updated 2 years ago
• crummie5 / Freshycalls_PoC

  View on GitHub
  A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯
  ☆38Dec 13, 2020Updated 5 years ago
• joaoviictorti / rustclr

  View on GitHub
  Host CLR and run .NET binaries using Rust
  ☆149Dec 23, 2025Updated last month
• rad9800 / WTSRM2

  View on GitHub
  ☆164Dec 30, 2022Updated 3 years ago
• Allevon412 / BreadManModuleStomping

  View on GitHub
  ☆44Oct 16, 2023Updated 2 years ago
• praetorian-inc / ADFSRelay

  View on GitHub
  Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
  ☆187Jun 22, 2022Updated 3 years ago
• Haunted-Banshee / ErebusGate

  View on GitHub
  ErebusGate for Nim Bypass AV/EDR
  ☆164Nov 7, 2022Updated 3 years ago
• Kudaes / Split

  View on GitHub
  Apply a divide and conquer approach to bypass EDRs
  ☆287Oct 19, 2023Updated 2 years ago
• icyguider / LightsOut

  View on GitHub
  Generate an obfuscated DLL that will disable AMSI & ETW
  ☆329Jul 15, 2024Updated last year
• zimawhit3 / Bitmancer

  View on GitHub
  Nim Library for Offensive Security Development
  ☆197Sep 4, 2023Updated 2 years ago
• pwn1sher / frostbyte

  View on GitHub
  FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads
  ☆386Apr 16, 2022Updated 3 years ago