Alternatives and similar repositories for AMSI_Lines

Users that are interested in AMSI_Lines are comparing it to the libraries listed below

• mertdas / SharpLateral
  Lateral Movement
  ☆125Updated last year
• Octoberfest7 / Presentations
  Slide decks and/or materials from conference presentations
  ☆56Updated 2 years ago
• foxlox / hypobrychium
  Duplicate not owned Token from Running Process
  ☆72Updated last year
• susMdT / SharpAgent
  C# havoc implant
  ☆99Updated 2 years ago
• HuskyHacks / SharpTokenFinder
  C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
  ☆139Updated 10 months ago
• CodeXTF2 / PyHmmm
  Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …
  ☆80Updated last year
• kymb0 / Stealth_shellcode_runners
  ☆56Updated last year
• powerseb / PowerExtract
  ☆117Updated 2 months ago
• ChoiSG / OneDriveUpdaterSideloading
  Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post
  ☆94Updated 2 years ago
• naksyn / ProcessStomping
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆148Updated last year
• amauricio / junkshell
  ☆69Updated 2 months ago
• pwnsauc3 / RWXfinder
  The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
  ☆102Updated last year
• NotMedic / Invoke-Nanodump
  HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection
  ☆56Updated 3 years ago
• 0xAbdullah / Offensive-Snippets
  A repository with my code snippets for research/education purposes.
  ☆50Updated last year
• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆86Updated 2 years ago
• rasta-mouse / SpawnWith
  ☆107Updated 3 months ago
• n00py / GetFGPP
  Get Fine Grained Password Policy
  ☆70Updated last month
• danti1988 / adcshunter
  Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.
  ☆80Updated 8 months ago
• myexploit / living_off_the_land
  ☆44Updated 10 months ago
• yehia-mamdouh / Shell3er
  PowerShell Reverse Shell
  ☆78Updated 2 years ago
• scottctaylor12 / Red-Lambda
  Leveraging AWS Lambda Function URLs for C2 Redirection
  ☆33Updated last year
• termanix / TokenElevation
  Token Elevation to authorized user as SYSTEM or Domain Admins
  ☆23Updated 2 years ago
• RayRRT / Active-Directory-Certificate-Services-abuse
  ☆50Updated 2 years ago
• MaorSabag / SideLoadingDLL
  Do some DLL SideLoading magic
  ☆83Updated last year
• smokeme / ansible-havoc
  Scripts I use to deploy Havoc on Linode and setup categorization and SSL
  ☆40Updated last year
• Maldev-Academy / DRMBinViaOrdinalImports
  Create Anti-Copy DRM Malware
  ☆57Updated 9 months ago
• CultCornholio / RedTeamTP
  ☆60Updated 2 weeks ago
• OmriBaso / WTSImpersonator
  WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"
  ☆119Updated 11 months ago
• 0xe7 / RoastInTheMiddle
  ☆71Updated last year
• ghost-ng / slinger
  An impacket-lite cli tool that combines many useful impacket functions using a single session.
  ☆48Updated 3 weeks ago