AlmondOffSec/LibTPLoadLib

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/AlmondOffSec/LibTPLoadLib)

AlmondOffSec / LibTPLoadLib

Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared library. Format inspired by @rasta-mouse's LibTP.

☆75

Alternatives and similar repositories for LibTPLoadLib

Users that are interested in LibTPLoadLib are comparing it to the libraries listed below

Sorting:

EvilBytecode / ExitPatcher
View on GitHub
Prevent in-process process termination by patching exit APIs
☆63Nov 9, 2025Updated 3 months ago
mwnickerson / COMHijackBOF
View on GitHub
☆39Nov 25, 2025Updated 3 months ago
Adaptix-Framework / templates-extender
View on GitHub
Templates for developing your own listeners and agents for AdaptixC2.
☆44Feb 3, 2026Updated 3 weeks ago
pard0p / Remote-BOF-Runner
View on GitHub
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …
☆89Jan 2, 2026Updated last month
rasta-mouse / LibTP
View on GitHub
Crystal Palace library for proxying Nt API calls via the Threadpool
☆99Oct 18, 2025Updated 4 months ago
kozmer / silentpulse
View on GitHub
single-threaded event driven sleep obfuscation poc for linux
☆38Jun 14, 2025Updated 8 months ago
RayRRT / BOFs
View on GitHub
Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.
☆101Jan 26, 2026Updated last month
rxOred / process-hollowing
View on GitHub
process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
☆31Jan 9, 2022Updated 4 years ago
mubix / redteam-collab
View on GitHub
Red Team Collaboration Infrastructure
☆98Apr 24, 2025Updated 10 months ago
0xJs / BYOVD_read_write_primitive
View on GitHub
Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
☆210Aug 21, 2025Updated 6 months ago
Teach2Breach / rust_api_demo
View on GitHub
various methods of making API calls
☆19Feb 1, 2025Updated last year
NtDallas / Draugr
View on GitHub
BOF with Synthetic Stackframe
☆225Oct 30, 2025Updated 3 months ago
S12cybersecurity / FrankensteinAPCInjection
View on GitHub
Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueAp…
☆63Feb 17, 2026Updated last week
sliverarmory / beignet
View on GitHub
MacOS Shared Library to Shellcode Loader
☆51Updated this week
jsecu / 7DaysofRed
View on GitHub
7 days of Red Teaming TTPs that your favorite tools may use to acheive a post exploitation goal
☆18Apr 17, 2021Updated 4 years ago
Maldev-Academy / HookingLsassForCredentials
View on GitHub
Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
☆54May 12, 2025Updated 9 months ago
synacktiv / OUned
View on GitHub
The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning
☆155Nov 2, 2025Updated 3 months ago
casp3r0x0 / LoaderGate
View on GitHub
a C# implementation for a shellcode loader that capable to bypass Cortex XDR and Sophos EDR.
☆91May 24, 2025Updated 9 months ago
rasta-mouse / Crystal-Loaders
View on GitHub
A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
☆185Oct 29, 2025Updated 3 months ago
WKL-Sec / slack-udc2
View on GitHub
Cobalt Strike UDC2 implementation that provides an Slack C2 channel
☆60Jan 5, 2026Updated last month
cfs0x / nightshade
View on GitHub
☆36Jul 1, 2025Updated 7 months ago
pruno7 / nEkko
View on GitHub
A nim port of C5pider's Ekko project.
☆17Oct 1, 2022Updated 3 years ago
synacktiv / keebcap
View on GitHub
Win32 keylogger that supports all (non-ime using) languages correctly
☆53Dec 21, 2023Updated 2 years ago
Teach2Breach / noldr
View on GitHub
Dynamically resolve API function addresses at runtime in a secure manner.
☆72Nov 11, 2025Updated 3 months ago
nbaertsch / Shrike
View on GitHub
Hunting and injecting RWX 'mockingjay' DLLs in pure nim
☆59Dec 11, 2024Updated last year
Cobalt-Strike / sleepmask-vs
View on GitHub
A simple Sleepmask BOF example
☆167Nov 24, 2025Updated 3 months ago
Teach2Breach / dll2shell
View on GitHub
converts sRDI compatible dlls to shellcode
☆35Jan 20, 2025Updated last year
ofasgard / execute-assembly-pico
View on GitHub
A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
☆128Jan 28, 2026Updated 3 weeks ago
ViperXSecurity / lib-nosa
View on GitHub
lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
☆122Sep 8, 2024Updated last year
bugch3ck / SharpLdapWhoami
View on GitHub
WhoAmI by asking the LDAP service on a domain controller.
☆64Feb 8, 2022Updated 4 years ago
0xjbb / vehspoof
View on GitHub
Callstack spoofing using a VEH because VEH all the things.
☆23Mar 18, 2025Updated 11 months ago
HullaBrian / COMmander
View on GitHub
.NET tool used to enrich RPC telemetry
☆101Jan 24, 2026Updated last month
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆268Dec 13, 2024Updated last year
gabriellandau / ShadowStackWalk
View on GitHub
Finding Truth in the Shadows
☆123Jan 26, 2023Updated 3 years ago
outflanknl / seccomp-notify-injection
View on GitHub
Linux Process Injection via Seccomp Notifier
☆83Dec 9, 2025Updated 2 months ago
Teach2Breach / early_cascade_inj_rs
View on GitHub
early cascade injection PoC based on Outflanks blog post, in rust
☆62Nov 8, 2024Updated last year
kozmer / aad-bofs
View on GitHub
☆138Nov 17, 2025Updated 3 months ago
outflanknl / macho-loader
View on GitHub
Position-independent Reflective Loader for macOS
☆112Feb 19, 2026Updated last week
garrettfoster13 / mssqlkaren
View on GitHub
modified mssqlclient from impacket to extract policies from the SCCM database
☆44Updated this week