Proof of concept to detect module stomping detection by looking for modified .pdata sections.
☆39Jun 11, 2026Updated last month
Alternatives and similar repositories for ModuleStomped
Users that are interested in ModuleStomped are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This repository contains the research tool presented at x33fcon 2026, along with the associated presentation slides. The content is made …☆62Jun 15, 2026Updated 3 weeks ago
- open source implementation of the UDC2 spec used in Cobalt Strike☆54Jul 4, 2026Updated last week
- Stack spoofing Detection for CET processes by comparing shadow and user stacks.☆36May 22, 2026Updated last month
- A compiled language for Windows position-independent x86-64 shellcode and Beacon Object Files.☆170Jun 28, 2026Updated 2 weeks ago
- Another new coercion primitive with LPE - machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin res…☆86Jun 20, 2026Updated 3 weeks ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Reversed cassandra source code for educational purposes☆28Jul 3, 2026Updated last week
- .NET process monitor that hooks CLR at the native layer, dumps reflective assemblies from memory, and checks AMSI/ETW integrity vs on dis…☆39Updated this week
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.☆84Jun 15, 2026Updated 3 weeks ago
- Bring your own Unwind Data Framework☆156Mar 15, 2026Updated 4 months ago
- ☆22May 19, 2026Updated last month
- bring your own clean ntdll (or other MS dlls)☆29Jul 14, 2025Updated last year
- Activation Context Hijacking Evasion Tool☆293Jun 17, 2026Updated 3 weeks ago
- DCOM in memory and fileless lateral movement techniques through .Net deserilization☆272Jun 22, 2026Updated 3 weeks ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Atomic test units for BOF execution☆60Apr 26, 2026Updated 2 months ago
- Reimplementing Havoc Pro Runtime Channel Switching and Cobalt Strike UDC2 features.☆46Jun 23, 2026Updated 3 weeks ago
- Windows native ETW inspection suite for browsing providers, reading metadata, consuming live events, recording ETL traces, filtering resu…☆86Jun 27, 2026Updated 2 weeks ago
- BOF with Synthetic Stackframe☆255Oct 30, 2025Updated 8 months ago
- Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advance…☆113Jun 30, 2026Updated 2 weeks ago
- EDRUnChoker - fileless WMI defense that removes EDRChoker QoS throttling policies☆43Jun 8, 2026Updated last month
- Smuggling C2 comms through links previews☆18Jun 17, 2026Updated 3 weeks ago
- Busybox-style Beacon Object Files for *nix post-exploitation. Reimplements common Unix utilities as BOFs for use in stripped environments…☆81Jul 5, 2026Updated last week
- .NET CLR-Stomping☆146May 20, 2026Updated last month
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Active Directory time discovery protocols for red teams. Stealthy extraction via Kerberos, SMB, NTLM, and CLDAP.☆71Updated this week
- User-mode ETW interception and telemetry manipulation lab for Windows security research.☆42Jun 15, 2026Updated 3 weeks ago
- Bof of RegPwn by MDSec☆127Mar 15, 2026Updated 3 months ago
- Windows memory scanner for call stack spoofing detection, unbacked shellcode, injected DLLs and in-memory C2 implants.☆37May 22, 2026Updated last month
- Havoc BOF implementation of BYOVD attack to terminate PPL-protected EDR processes using a signed Microsoft kernel driver.☆39Apr 6, 2026Updated 3 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- A Rust template for writing Beacon Object Files (BOFs)☆128Feb 11, 2026Updated 5 months ago
- External C2 is a specification to allow third-party programs to act as a communication layer for Cobalt Strike’s Beacon payload.☆19Jul 17, 2025Updated 11 months ago
- A BOF to enumerate system process, their protection levels, and more.☆126Nov 27, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.☆46Jun 18, 2026Updated 3 weeks ago
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- Microsoft Graph API post-exploitation framework with a browser-based GUI.☆51Apr 15, 2026Updated 3 months ago
- Sleep obfuscation☆275Dec 13, 2024Updated last year
- Linker for Beacon Object Files☆191Jun 27, 2026Updated 2 weeks ago
- early cascade injection PoC based on Outflanks blog post☆240Nov 7, 2024Updated last year
- DynLoader A modular Windows loader focused on EDR evasion Built with indirect syscall (Tartarus Gate / Hell’s Gate), Manual PE parsing …☆56Updated this week