30 open-source projects similar to fuzzysecurity/sharp-suite, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Sharp Suite alternative.
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
Unicorn is a collection of utilities for generating malicious HTA files, VBA macros, encoded PowerShell commands, and memory-resident shellcode injection frameworks. It provides tools to create payloads designed to achieve remote code execution by bypassing security controls. The project focuses on weaponizing office documents through VBA macros and formulas, generating HTA attack vectors, and creating encoded PowerShell payloads. It includes a shellcode injection framework to wrap external shellcode for direct execution in system memory. The toolkit covers binary-to-base64 conversion for ce
This program is designed to demonstrate various process injection techniques
The goal of this repository is to document the most common techniques to bypass AppLocker.
unDefender is the C++ implementation of a technique originally described by @jonasLyk in this Twitter thread. At its core, this technique revolves around changing the \Device\BootDevice symbolic link in the Windows Object Manager so that when Defender's WdFilter driver is unloaded and loaded…
This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging.
KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender which is based on research by Gabriel Landau. The article can be found here.
LoadLibrary for offensive operations
Loads any C# binary from filepath or url, patching AMSI and unhooks ETW
C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll, kernel32.dll, advapi32.dll, and kernelbase.dll). SharpUnhooker helps you to evades user-land monitoring done by AVs and/or EDRs by cleansing/refreshing API DLLs that loaded on the process (Offensive Side) or remove API…
Svchost is essential in the implementation of so-called shared service processes, where a number of services can share a process in order to reduce resource consumption. Grouping multiple services into a single process conserves computing resources, and this consideration was of particular…
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array. After…
SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls.
Example code for EDR bypassing, please use this for testing blue team detection capabilities against this type of malware that will bypass EDR's userland hooks. Code is a bit spaghetti-like at the moment and serves only as a PoC. Not for malicious use. Note that this particular code was tested…
A position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect.
A memory-based evasion technique which makes shellcode invisible from process start to end.
A beacon object file implementation of PoolParty Process Injection Technique by @SafeBreach and @0xDeku, that abuses Windows Thread Pools. The BOF supports the 5 technique/variant: - Insert TPIO work item to the target process's thread pool. - Insert TPALPC work item to the target process's…