Alternatives and similar repositories for UAC-bypass

Users that are interested in UAC-bypass are comparing it to the libraries listed below

• Plazmaz / LNKUp
  Generates malicious LNK file payloads for data exfiltration
  ☆422Updated 8 years ago
• threatexpress / metatwin
  The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into a…
  ☆352Updated 10 months ago
• outflanknl / NetshHelperBeacon
  Example DLL to load from Windows NetShell
  ☆182Updated 8 years ago
• it-gorillaz / lnk2pwn
  Malicious Shortcut(.lnk) Generator
  ☆196Updated 6 years ago
• FSecureLABS / Ninjasploit
  A meterpreter extension for applying hooks to avoid windows defender memory scans
  ☆249Updated 5 years ago
• outflanknl / SharpHide
  Tool to create hidden registry keys.
  ☆487Updated 5 years ago
• mandiant / DueDLLigence
  ☆479Updated 2 years ago
• EmpireProject / PSInject
  Inject PowerShell into any process
  ☆238Updated 6 years ago
• b4rtik / metasploit-execute-assembly
  Custom Metasploit post module to executing a .NET Assembly from Meterpreter session
  ☆346Updated 5 years ago
• paranoidninja / 0xdarkvortex-MalwareDevelopment
  This repo will contain code snippets for blogs: Malware on Steroids written by me at https://scriptdotsh.com/index.php/category/malware-d…
  ☆199Updated 5 years ago
• Kudaes / LOLBITS
  ** DISCONTINUED ** C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + …
  ☆217Updated 2 years ago
• bonnetn / vba-obfuscator
  2018 School project - PoC of malware code obfuscation in Word macros
  ☆153Updated 3 years ago
• padovah4ck / PSByPassCLM
  Bypass for PowerShell Constrained Language Mode
  ☆400Updated 3 years ago
• Flangvik / AMSI.fail
  C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.
  ☆418Updated last year
• Mr-Un1k0d3r / Windows-SignedBinary
  ☆257Updated 6 years ago
• S3cur3Th1sSh1t / Invoke-SharpLoader
  ☆363Updated 4 years ago
• slyd0g / PrimaryTokenTheft
  Steal a primary token and spawn cmd.exe using the stolen token
  ☆257Updated 4 years ago
• rasta-mouse / AmsiScanBufferBypass
  Bypass AMSI by patching AmsiScanBuffer
  ☆274Updated 4 years ago
• ReversecLabs / physmem2profit
  Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
  ☆421Updated 3 years ago
• Cybereason / siofra
  ☆494Updated 7 years ago
• ionescu007 / faxhell
  A Bind Shell Using the Fax Service and a DLL Hijack
  ☆331Updated 5 years ago
• samratashok / RACE
  RACE is a PowerShell module for executing ACL attacks against Windows targets.
  ☆231Updated 2 years ago
• S1ckB0y1337 / TokenPlayer
  Manipulating and Abusing Windows Access Tokens.
  ☆281Updated 4 years ago
• GhostPack / Lockless
  Lockless allows for the copying of locked files.
  ☆249Updated 4 years ago
• nccgroup / acCOMplice
  Tools for discovery and abuse of COM hijacks
  ☆328Updated 5 years ago
• decoder-it / psgetsystem
  getsystem via parent process using ps1 & embeded c#
  ☆436Updated last year
• p3nt4 / Nuages
  A modular C2 framework
  ☆487Updated last week
• christophetd / spoofing-office-macro
  PoC of a VBA macro spawning a process with a spoofed parent and command line.
  ☆382Updated 5 years ago
• PwnDexter / Invoke-EDRChecker
  Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…
  ☆269Updated last year
• karttoon / trigen
  Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.
  ☆204Updated 8 years ago