Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared library. Format inspired by @rasta-mouse's LibTP.
☆81Nov 6, 2025Updated 4 months ago
Alternatives and similar repositories for LibTPLoadLib
Users that are interested in LibTPLoadLib are comparing it to the libraries listed below
Sorting:
- Prevent in-process process termination by patching exit APIs☆65Nov 9, 2025Updated 4 months ago
- ☆39Nov 25, 2025Updated 3 months ago
- Crystal Palace library for proxying Nt API calls via the Threadpool☆101Oct 18, 2025Updated 5 months ago
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆103Jan 26, 2026Updated last month
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆91Jan 2, 2026Updated 2 months ago
- some leaked src code for known and unknown malwares☆23Aug 15, 2025Updated 7 months ago
- Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueAp…☆66Feb 17, 2026Updated last month
- Templates for developing your own listeners and agents for AdaptixC2.☆47Feb 28, 2026Updated 2 weeks ago
- Notion C2 Profile for Mythic☆35Mar 3, 2026Updated 2 weeks ago
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- A different approach to writing BOFs in rust.☆19Aug 20, 2025Updated 6 months ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆64Dec 25, 2025Updated 2 months ago
- ☆36Jul 1, 2025Updated 8 months ago
- Crystal Palace RDLL loader for Adaptix C2 with Ekko sleep obfuscation, IAT hooking via PICO, and per-section permission restoration☆90Updated this week
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆211Aug 21, 2025Updated 6 months ago
- 7 days of Red Teaming TTPs that your favorite tools may use to acheive a post exploitation goal☆18Apr 17, 2021Updated 4 years ago
- Linux Process Injection via Seccomp Notifier☆84Dec 9, 2025Updated 3 months ago
- This is a PoC using native windows API directx, to hide and decrypt shellcode via compute shader☆10May 3, 2025Updated 10 months ago
- Shellcode injection using the Windows Debugging API☆171Jan 4, 2026Updated 2 months ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆129Jan 28, 2026Updated last month
- Demo of process injection, using Nt, direct syscall, etc.☆27Sep 29, 2021Updated 4 years ago
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning☆154Nov 2, 2025Updated 4 months ago
- This project is a deliberately vulnerable environment to learn about LLM-specific risks based on the OWASP Top 10 for LLM Applications.☆52Jan 19, 2026Updated 2 months ago
- Finding Truth in the Shadows☆124Jan 26, 2023Updated 3 years ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆73Nov 11, 2025Updated 4 months ago
- BOF with Synthetic Stackframe☆233Oct 30, 2025Updated 4 months ago
- A simple Sleepmask BOF example☆171Nov 24, 2025Updated 3 months ago
- A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…☆277Feb 21, 2026Updated 3 weeks ago
- Built for red teamers, by red teamers - an MCP tool for malware development, OPSEC testing, and supporting custom loader design during re…☆43Aug 10, 2025Updated 7 months ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆65Jan 5, 2026Updated 2 months ago
- ☆109Oct 29, 2024Updated last year
- One WSL BOF to rule them all☆163Jan 14, 2026Updated 2 months ago
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- modified mssqlclient from impacket to extract policies from the SCCM database☆46Feb 24, 2026Updated 3 weeks ago
- Sleep obfuscation☆270Dec 13, 2024Updated last year
- MacOS Shared Library to Shellcode Loader☆60Feb 23, 2026Updated 3 weeks ago
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.☆295Nov 1, 2025Updated 4 months ago
- various methods of making API calls☆19Feb 1, 2025Updated last year