ThreatCheck
Identifies the bytes that Microsoft Defender / AMSI Consumer flags on. (by rasta-mouse)
donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters (by TheWover)
ThreatCheck | donut | |
---|---|---|
3 | 4 | |
929 | 3,245 | |
- | - | |
0.0 | 0.0 | |
2 months ago | about 1 month ago | |
C# | C | |
- | BSD 3-clause "New" or "Revised" License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ThreatCheck
Posts with mentions or reviews of ThreatCheck.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-09-13.
-
BEST KALI TOOL TO MAKE UNDETECTABLE BACKDOOR 2022?
ThreatCheck -- tool that can show you exactly what bytes in an executable are triggering windows defender and a few other AV solutions.
-
Anyone else having trouble bypassing Defender since yesterday?
Also ThreatCheck by RastaMouse https://github.com/rasta-mouse/ThreatCheck
-
How does a hacker test his malware against his target without getting caught?
This is just one tool in the toolbox. But it's only for Defender. Other EDR solutions may still detect your payload. https://github.com/rasta-mouse/ThreatCheck
donut
Posts with mentions or reviews of donut.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-08-27.
-
Bypassing Windows Defender (10 Ways)
The Donut project by TheWover is a very effective Position-Independent shellcode generator from PEs/DLLs. Depending on the input file given, it works different ways. For this PoC I will be using Mimikatz, so let us see how it works at a high level. From a brief look at the code, this would be the main routine of the Donut.exe executable tool:
-
Cannot Load .NET assemblies in memory!
Note that I used the loader from donut and it worked as expected! What am I doing wrong here people?
-
BEST KALI TOOL TO MAKE UNDETECTABLE BACKDOOR 2022?
Donut -- tool to convert (certain, very simple, non-.NET) PE files into shellcode.
- Does anyone know any good x64 shellcode loaders?
What are some alternatives?
When comparing ThreatCheck and donut you can also consider the following projects:
DefenderCheck - Identifies the bytes that Microsoft Defender flags on.
DripLoader - Evasive shellcode loader for bypassing event-based injection detection (PoC)