AceLdr
Cobalt Strike UDRL for memory scanner evasion. (by kyleavery)
SigThief
Stealing Signatures and Making One Invalid Signature at a Time (by secretsquirrel)
AceLdr | SigThief | |
---|---|---|
2 | 2 | |
824 | 1,943 | |
- | - | |
1.4 | 10.0 | |
10 days ago | almost 3 years ago | |
C | Python | |
MIT License | BSD 3-clause "New" or "Revised" License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
AceLdr
Posts with mentions or reviews of AceLdr.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-04-16.
-
Red team engagement help!
But I do always healthy recommend writing a custom DLL loader for your payloads. And with CS, make sure you’re using a custom reflective loader. Something like AceLDR https://github.com/kyleavery/AceLdr
- AceLdr: Cobalt Strike UDRL for memory scanner evasion.
SigThief
Posts with mentions or reviews of SigThief.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-03-05.
-
Hackers exploited Windows 0-day for 6 months after Microsoft knew of it
> To work with supported versions of Windows, third-party drivers must first be digitally signed by Microsoft to certify that they are trustworthy and meet security requirements.
That’s a very bold statement when you can replicate a signature, so now the malware is “trustworthy” https://github.com/secretsquirrel/SigThief
-
Red team engagement help!
I think this is also similar to this https://github.com/secretsquirrel/SigThief
What are some alternatives?
When comparing AceLdr and SigThief you can also consider the following projects:
Limelighter - A tool for generating fake code signing certificates or signing real ones
Freeze - Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
NSGenCS - Extendable payload obfuscation and delivery framework
EDRs
ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
CarbonCopy - A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux