Self-mutating macOS implant
☆120, Dec 18, 2025, updated 2 months ago
Alternatives and similar repositories for Aether
Users that are interested in Aether are comparing it to the libraries listed below
- One-header configurable C++20 COFF loader (☆21, Jul 21, 2025, updated 7 months ago)
- Proof-of-concept code for understanding the allow-jit entitlement on macOS (☆30, Feb 19, 2026, updated 2 weeks ago)
- BOF to decrypt Signal Desktop chat logs (☆71, Feb 20, 2025, updated last year)
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects (☆138, Apr 6, 2025, updated 11 months ago)
- A runtime for developing large-scale and complex shellcode. (☆22, updated this week)
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow. (☆124, Jan 17, 2026, updated last month)
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i… (☆64, Apr 2, 2025, updated 11 months ago)
- A hacky way of getting cross-arch/platform support in Cobalt Strike (☆37, Aug 31, 2025, updated 6 months ago)
- A Mythic Agent written in PIC C. (☆206, Feb 4, 2025, updated last year)
- (☆48, Dec 5, 2025, updated 3 months ago)
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow (☆18, Jun 26, 2025, updated 8 months ago)
- command control framework (☆32, Feb 28, 2026, updated last week)
- Detect Remote Local Credentials Dumping using a Shadow Snapshot (☆32, Jan 27, 2025, updated last year)
- (☆53, Sep 23, 2025, updated 5 months ago)
- (☆17, Jan 9, 2025, updated last year)
- Smart keylogging capability to steal SSH Credentials including password & Private Key (☆152, Mar 26, 2025, updated 11 months ago)
- Updated version of a long known self deletion technique to work with 24H2. (☆61, Jun 9, 2025, updated 8 months ago)
- A POC for developing BOFs for Sliver, Havoc, Cobalt Strike or most COFFLoaders in Rust. (☆74, Aug 24, 2025, updated 6 months ago)
- Tools for analyzing EDR agents (☆278, Jun 10, 2024, updated last year)
- Linux Process Injection via Seccomp Notifier (☆84, Dec 9, 2025, updated 2 months ago)
- BOF with Synthetic Stackframe (☆230, Oct 30, 2025, updated 4 months ago)
- Blog/Journal on how to backdoor VSCode extensions (☆77, Feb 24, 2026, updated last week)
- Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons (☆180, Feb 11, 2026, updated 3 weeks ago)
- A simple BOF that frees UDRLs (☆122, May 29, 2022, updated 3 years ago)
- StoneKeeper C2, an experimental EDR evasion framework for research purposes (☆209, Dec 25, 2024, updated last year)
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor (☆110, Mar 25, 2024, updated last year)
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host (☆41, Dec 8, 2023, updated 2 years ago)
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0. (☆73, Apr 13, 2025, updated 10 months ago)
- Call Stack Spoofing for Rust (☆210, Jan 28, 2026, updated last month)
- Payload Generation Workflow (☆40, Jul 18, 2025, updated 7 months ago)
- Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique (☆20, Dec 3, 2024, updated last year)
- ASPX Web Shell with COFF Loader (☆79, updated this week)
- AzDevRecon is a powerful web-based enumeration tool for offensive security professionals, red teamers, and pentesters targeting Azure Dev… (☆25, Oct 13, 2025, updated 4 months ago)
- A Reflective Loader for macOS (☆147, Jul 20, 2025, updated 7 months ago)
- A powerful, modular, lightweight and efficient command & control framework written in Nim. (☆221, Nov 3, 2025, updated 4 months ago)
- Find jmp gadgets for call stack spoofing. (☆75, Oct 1, 2025, updated 5 months ago)
- Adversary Emulation Framework (☆129, Jul 1, 2025, updated 8 months ago)
- SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication. (☆309, Feb 16, 2026, updated 2 weeks ago)
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption. (☆17, Jan 6, 2024, updated 2 years ago)