Windows Thread Pool Injection Havoc Implementation
☆34Mar 23, 2024Updated last year
Alternatives and similar repositories for havoc-PoolParty
Users that are interested in havoc-PoolParty are comparing it to the libraries listed below
Sorting:
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆65Mar 19, 2024Updated 2 years ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆64Dec 25, 2025Updated 2 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Dec 16, 2023Updated 2 years ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆438Dec 21, 2023Updated 2 years ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- Process hunting Toolkit is toolkit capable of hunting down malicious processes on Windows☆14Jan 31, 2025Updated last year
- Tool to enumerate unregistered reply URLs for single and multitenant apps in Azure☆15Jan 23, 2025Updated last year
- ☆61Jan 9, 2023Updated 3 years ago
- early cascade injection PoC based on Outflanks blog post☆239Nov 7, 2024Updated last year
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆17Jan 6, 2024Updated 2 years ago
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆78Dec 23, 2023Updated 2 years ago
- this script adds the ability to encode shellcode (.bin) in XOR,chacha20, AES. You can choose between 2 loaders (Myph / 221b)☆83Dec 20, 2023Updated 2 years ago
- ☆14Sep 26, 2023Updated 2 years ago
- A simple BOF (Beacon Object File) to search files in the system☆15Dec 2, 2023Updated 2 years ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 6 months ago
- Threadless Injection Payload Toolkit☆12Oct 12, 2023Updated 2 years ago
- Remotely Enumerate sessions using undocumented Windows Station APIs☆117Aug 21, 2024Updated last year
- A Mythic agent for Windows written in C☆162Mar 14, 2026Updated last week
- a port of privkit bof for havoc☆23Dec 8, 2023Updated 2 years ago
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.☆15Feb 29, 2024Updated 2 years ago
- A C# implementation that disables Windows Firewall bypassing UAC☆17Oct 23, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- SafeCrypt is an academic ransomware simulation suite developed for Red Team engagements. It demonstrates modern malware techniques includ…☆33Oct 3, 2025Updated 5 months ago
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆137Dec 7, 2025Updated 3 months ago
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe☆13Dec 11, 2023Updated 2 years ago
- ☆147Oct 29, 2024Updated last year
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- Hide shellcode by shuffling bytes into a random array and reconstruct at runtime☆203Mar 26, 2025Updated 11 months ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆43Apr 6, 2025Updated 11 months ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Jul 12, 2024Updated last year
- PIC shellcode (C/C++) development toolkit designed for malware developers.☆121Dec 23, 2025Updated 2 months ago
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution☆199May 29, 2025Updated 9 months ago
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆91Jan 2, 2026Updated 2 months ago
- Stage 0☆169Dec 18, 2024Updated last year
- ☆163Oct 25, 2023Updated 2 years ago
- The EMP Jammer is an innovative jamming device which jams the devices nearby by inducing an alternating voltage in it .☆13Jan 3, 2023Updated 3 years ago
- BOF with Synthetic Stackframe☆233Oct 30, 2025Updated 4 months ago