A more reliable way of resolving syscall numbers in Windows
☆55Feb 12, 2024Updated 2 years ago
Alternatives and similar repositories for Hypnos
Users that are interested in Hypnos are comparing it to the libraries listed below
Sorting:
- BOF for C2 framework☆44Nov 9, 2024Updated last year
- ☆152Oct 2, 2023Updated 2 years ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆293Jul 15, 2023Updated 2 years ago
- Execute shellcode files with rundll32☆216Jan 28, 2024Updated 2 years ago
- simple C# portscanner - written for playing around with Metasploit's Execute-Assembly☆10Jul 1, 2023Updated 2 years ago
- ☆12Jul 2, 2023Updated 2 years ago
- Windows Service with the implementation of the Process hollowing technique to run shellcode☆14Jul 20, 2023Updated 2 years ago
- ☆108Aug 21, 2024Updated last year
- This project is an implant framework designed for long term persistent access to Windows machines.☆108Sep 22, 2023Updated 2 years ago
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated last year
- Your syscall factory☆126Jan 13, 2026Updated last month
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆60Dec 15, 2023Updated 2 years ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- ☆101Oct 7, 2023Updated 2 years ago
- .net config loader☆348Nov 9, 2023Updated 2 years ago
- Run Cobalt Strike BOFs in Brute Ratel C4!☆86Apr 15, 2025Updated 10 months ago
- Load a dynamic library from memory by modifying the native Windows loader☆286Jun 18, 2025Updated 8 months ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆54Oct 19, 2023Updated 2 years ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆154Aug 4, 2025Updated 6 months ago
- A .NET malware loader, using API-Hashing to evade static analysis☆210May 30, 2023Updated 2 years ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.☆407Aug 22, 2023Updated 2 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆306Aug 2, 2023Updated 2 years ago
- Dump Lsass Memory Using a Reflective Dll☆14Feb 4, 2022Updated 4 years ago
- Shaco is a linux agent for havoc☆170Oct 25, 2023Updated 2 years ago
- ☆141Jun 21, 2023Updated 2 years ago
- Bunch of BOF files☆39Jun 30, 2025Updated 8 months ago
- ☆60Dec 15, 2023Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…☆185Aug 2, 2023Updated 2 years ago
- Sliver extension performing TCP redirection tasks without performing cross-process injection.☆68Jan 14, 2025Updated last year
- Sleep obfuscation☆268Dec 13, 2024Updated last year
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆318Aug 31, 2023Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass☆368Apr 19, 2023Updated 2 years ago
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…☆137Mar 3, 2025Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆779Jan 26, 2026Updated last month
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- ☆341Nov 10, 2025Updated 3 months ago