Windows Thread Pool Injection Havoc Implementation
☆34Mar 23, 2024Updated 2 years ago
Alternatives and similar repositories for havoc-PoolParty
Users that are interested in havoc-PoolParty are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆66Mar 19, 2024Updated 2 years ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆68Dec 25, 2025Updated 3 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Dec 16, 2023Updated 2 years ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆444Dec 21, 2023Updated 2 years ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆191Jan 17, 2026Updated 2 months ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Process hunting Toolkit is toolkit capable of hunting down malicious processes on Windows☆14Jan 31, 2025Updated last year
- Tool to enumerate unregistered reply URLs for single and multitenant apps in Azure☆15Jan 23, 2025Updated last year
- ☆61Jan 9, 2023Updated 3 years ago
- early cascade injection PoC based on Outflanks blog post☆241Nov 7, 2024Updated last year
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆17Jan 6, 2024Updated 2 years ago
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆78Dec 23, 2023Updated 2 years ago
- this script adds the ability to encode shellcode (.bin) in XOR,chacha20, AES. You can choose between 2 loaders (Myph / 221b)☆83Dec 20, 2023Updated 2 years ago
- ☆14Sep 26, 2023Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A simple BOF (Beacon Object File) to search files in the system☆15Dec 2, 2023Updated 2 years ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 7 months ago
- Threadless Injection Payload Toolkit☆12Oct 12, 2023Updated 2 years ago
- Remotely Enumerate sessions using undocumented Windows Station APIs☆117Aug 21, 2024Updated last year
- A Mythic agent for Windows written in C☆161Updated this week
- a port of privkit bof for havoc☆23Dec 8, 2023Updated 2 years ago
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.☆15Feb 29, 2024Updated 2 years ago
- A C# implementation that disables Windows Firewall bypassing UAC☆17Oct 23, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- SafeCrypt is an academic ransomware simulation suite developed for Red Team engagements. It demonstrates modern malware techniques includ…☆34Oct 3, 2025Updated 6 months ago
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆139Dec 7, 2025Updated 4 months ago
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe☆13Dec 11, 2023Updated 2 years ago
- ☆147Oct 29, 2024Updated last year
- DFSCoerce exe revisited version with custom authentication☆43Jan 13, 2024Updated 2 years ago
- Hide shellcode by shuffling bytes into a random array and reconstruct at runtime☆203Mar 26, 2025Updated last year
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆43Apr 6, 2025Updated last year
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Jul 12, 2024Updated last year
- PIC shellcode (C/C++) development toolkit designed for malware developers.☆127Dec 23, 2025Updated 3 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution☆200May 29, 2025Updated 10 months ago
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆94Jan 2, 2026Updated 3 months ago
- Stage 0☆168Dec 18, 2024Updated last year
- ☆164Oct 25, 2023Updated 2 years ago
- The EMP Jammer is an innovative jamming device which jams the devices nearby by inducing an alternating voltage in it .☆13Jan 3, 2023Updated 3 years ago
- BOF with Synthetic Stackframe☆239Oct 30, 2025Updated 5 months ago