Reimplementing Havoc Pro Runtime Channel Switching and Cobalt Strike UDC2 features.
☆46Jun 23, 2026Updated 3 weeks ago
Alternatives and similar repositories for TinyC2
Users that are interested in TinyC2 are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Busybox-style Beacon Object Files for *nix post-exploitation. Reimplements common Unix utilities as BOFs for use in stripped environments…☆81Jul 5, 2026Updated last week
- A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.☆166Apr 15, 2026Updated 2 months ago
- open source implementation of the UDC2 spec used in Cobalt Strike☆54Jul 4, 2026Updated last week
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Rusty DoublePulsar - Cobalt Strike User-Defined Reflective Loader (UDRL) in Rust (Codename: DoublePulsar)☆113May 14, 2026Updated 2 months ago
- A small set of Beacon Object Files (BOFs) that I developed over the time with a Magic: The Gathering theme.☆21Jul 15, 2025Updated last year
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆142Apr 22, 2026Updated 2 months ago
- Active Directory forensic framework☆16May 18, 2026Updated last month
- Microsoft Graph API post-exploitation framework with a browser-based GUI.☆51Apr 15, 2026Updated 3 months ago
- .NET CLR-Stomping☆146May 20, 2026Updated last month
- Async BOF to monitor and detect clipboard changes on a target system and return the clipboard contents.☆22May 5, 2026Updated 2 months ago
- ☆70Apr 20, 2026Updated 2 months ago
- Async PICO Hub is a work-in-progress framework to extend Cobalt Strike with custom event monitoring and in-process Asynchronous BOFs☆23Jun 4, 2026Updated last month
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Memory API proxy via signed mozglue.dll☆40Jun 25, 2026Updated 2 weeks ago
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆97Apr 9, 2026Updated 3 months ago
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 3 years ago
- Bof of RegPwn by MDSec☆127Mar 15, 2026Updated 3 months ago
- Activation Context Hijacking Evasion Tool☆293Jun 17, 2026Updated 3 weeks ago
- Proof of concept to detect module stomping detection by looking for modified .pdata sections.☆39Jun 11, 2026Updated last month
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…☆87Nov 6, 2025Updated 8 months ago
- This repository contains the research tool presented at x33fcon 2026, along with the associated presentation slides. The content is made …☆62Jun 15, 2026Updated 3 weeks ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Manipulation of Toast Notifications to social engineer the user to visit links, harvest credentials etc.☆47Mar 24, 2026Updated 3 months ago
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- Set of PoC to abuse Windows minifilters functionality☆93May 1, 2026Updated 2 months ago
- Crystal Palace Evasion kit for Sliver☆96Jun 13, 2026Updated last month
- A credential extraction BOF for Veeam Backup and Replication and Veeam One☆78Jul 1, 2026Updated last week
- Proof-of-concept implementation of AI-enabled postex DLLs☆95Sep 10, 2025Updated 10 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated last year
- Aliasr is a modern, feature-rich TUI launcher for pentest commands.☆113Apr 23, 2026Updated 2 months ago
- BOF to run PE in Cobalt Strike Beacon without console creation☆199Nov 23, 2025Updated 7 months ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)☆69Apr 3, 2026Updated 3 months ago
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.☆46Jun 18, 2026Updated 3 weeks ago
- Stack spoofing Detection for CET processes by comparing shadow and user stacks.☆36May 22, 2026Updated last month
- Bring your own Unwind Data Framework☆156Mar 15, 2026Updated 4 months ago
- A simple OAuth App designed to capture OAuth tokens when users authenticate through GitHub OAuth flow.☆25Apr 20, 2026Updated 2 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆155Apr 18, 2025Updated last year
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆107Jan 10, 2026Updated 6 months ago