Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared library. Format inspired by @rasta-mouse's LibTP.
☆81Nov 6, 2025Updated 5 months ago
Alternatives and similar repositories for LibTPLoadLib
Users that are interested in LibTPLoadLib are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Prevent in-process process termination by patching exit APIs☆65Nov 9, 2025Updated 5 months ago
- ☆39Nov 25, 2025Updated 4 months ago
- Crystal Palace library for proxying Nt API calls via the Threadpool☆100Oct 18, 2025Updated 5 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆94Jan 2, 2026Updated 3 months ago
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆113Jan 26, 2026Updated 2 months ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- some leaked src code for known and unknown malwares☆23Aug 15, 2025Updated 7 months ago
- Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueAp…☆68Feb 17, 2026Updated last month
- Templates for developing your own listeners and agents for AdaptixC2.☆49Feb 28, 2026Updated last month
- A large collection of blogs 🦐☆13Apr 12, 2025Updated 11 months ago
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Notion C2 Profile for Mythic☆42Mar 3, 2026Updated last month
- ☆36Jul 1, 2025Updated 9 months ago
- 7 days of Red Teaming TTPs that your favorite tools may use to acheive a post exploitation goal☆18Apr 17, 2021Updated 4 years ago
- Linux Process Injection via Seccomp Notifier☆84Dec 9, 2025Updated 4 months ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- This is a PoC using native windows API directx, to hide and decrypt shellcode via compute shader☆10May 3, 2025Updated 11 months ago
- Shellcode injection using the Windows Debugging API☆178Jan 4, 2026Updated 3 months ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆129Jan 28, 2026Updated 2 months ago
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- Demo of process injection, using Nt, direct syscall, etc.☆27Sep 29, 2021Updated 4 years ago
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆215Aug 21, 2025Updated 7 months ago
- The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning☆156Nov 2, 2025Updated 5 months ago
- A different approach to writing BOFs in rust.☆20Aug 20, 2025Updated 7 months ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆64Dec 25, 2025Updated 3 months ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Finding Truth in the Shadows☆126Jan 26, 2023Updated 3 years ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆73Nov 11, 2025Updated 4 months ago
- BOF with Synthetic Stackframe☆239Oct 30, 2025Updated 5 months ago
- This project is a deliberately vulnerable environment to learn about LLM-specific risks based on the OWASP Top 10 for LLM Applications.☆52Jan 19, 2026Updated 2 months ago
- A simple Sleepmask BOF example☆173Nov 24, 2025Updated 4 months ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆68Jan 5, 2026Updated 3 months ago
- Built for red teamers, by red teamers - an MCP tool for malware development, OPSEC testing, and supporting custom loader design during re…☆42Aug 10, 2025Updated 7 months ago
- A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…☆289Feb 21, 2026Updated last month
- Proof-of-Concept to evade auditd by writing /proc/PID/mem☆25Aug 21, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- ☆108Oct 29, 2024Updated last year
- Crystal Palace RDLL loader for Adaptix C2 with Ekko sleep obfuscation, IAT hooking via PICO, and per-section permission restoration☆106Mar 24, 2026Updated 2 weeks ago
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- modified mssqlclient from impacket to extract policies from the SCCM database☆47Feb 24, 2026Updated last month
- Sleep obfuscation☆272Dec 13, 2024Updated last year
- One WSL BOF to rule them all☆170Jan 14, 2026Updated 2 months ago
- MacOS Shared Library to Shellcode Loader☆64Feb 23, 2026Updated last month