Alternatives and similar repositories for windows-dll-env-hijacking

Users that are interested in windows-dll-env-hijacking are comparing it to the libraries listed below

• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆86Updated 2 years ago
• CodeXTF2 / HavocNotion
  A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …
  ☆86Updated 2 years ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆88Updated 2 years ago
• CodeXTF2 / PyHmmm
  Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …
  ☆80Updated last year
• Wh04m1001 / DiagTrackEoP
  ☆88Updated 2 years ago
• leftp / DPAPISnoop
  A C# tool to output crackable DPAPI hashes from user MasterKeys
  ☆134Updated 8 months ago
• CodeXTF2 / cobaltstrike-headless
  Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.
  ☆149Updated 2 years ago
• plackyhacker / Peruns-Fart
  Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.
  ☆107Updated 3 years ago
• susMdT / SharpAgent
  C# havoc implant
  ☆99Updated 2 years ago
• tothi / stager_libpeconv
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆84Updated 2 years ago
• eversinc33 / Godmode
  Tool for playing with Windows Access Token manipulation.
  ☆54Updated 2 years ago
• 0x00Check / ExploitLeakedHandle
  Identify and exploit leaked handles for local privilege escalation.
  ☆107Updated last year
• xpn / ntlmquic
  POC tools for exploring SMB over QUIC protocol
  ☆123Updated 3 years ago
• Cobalt-Strike / unhook-bof
  Remove API hooks from a Beacon process.
  ☆57Updated 3 years ago
• rasta-mouse / ExternalC2.NET
  .NET implementation of Cobalt Strike's External C2 Spec
  ☆86Updated 3 years ago
• RiccardoAncarani / TaskShell
  ☆56Updated 4 years ago
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆72Updated last month
• notdodo / adduser-dll
  Simple DLL that add a user to the local Administrators group
  ☆77Updated 3 years ago
• pracsec / AmsiScanner
  A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes.
  ☆62Updated last year
• mgeeky / msi-shenanigans
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆81Updated 2 years ago
• iamagarre / BadExclusionsNWBO
  BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
  ☆76Updated last year
• xforcered / Detect-Hooks
  Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
  ☆101Updated 3 years ago
• codewhitesec / SysmonEnte
  ☆76Updated 2 years ago
• zimawhit3 / HellsGateNim
  A quick example of the Hells Gate technique in Nim
  ☆95Updated 3 years ago
• 0xsp-SRD / callback_injection-Csharp
  this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…
  ☆86Updated 2 years ago
• klezVirus / NimlineWhispers3
  A tool for converting SysWhispers3 syscalls for use with Nim projects
  ☆146Updated 2 years ago
• praetorian-inc / ADFSRelay
  Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
  ☆184Updated 2 years ago
• MythicC2Profiles / http
  Simple HTTP async comms using standard GET/POST requests
  ☆33Updated 2 months ago
• apokryptein / secinject
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆95Updated 3 years ago
• 0xsp-SRD / 0xsp.com
  a variety of tools,scripts and techniques developed and shared with different programming languages by 0xsp Lab
  ☆63Updated 4 months ago