A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally safe or stable, built as a PoC to showcase Havoc C2's modular C2 channel interface.
☆91Oct 10, 2022Updated 3 years ago
Alternatives and similar repositories for HavocNotion
Users that are interested in HavocNotion are comparing it to the libraries listed below
Sorting:
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …☆86Nov 8, 2023Updated 2 years ago
- It's what all the kids are talking about☆12Apr 25, 2023Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 9 months ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- ☆113Oct 10, 2022Updated 3 years ago
- DLL Exports Extraction BOF with optional NTFS transactions.☆90Nov 5, 2021Updated 4 years ago
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).☆186Feb 12, 2023Updated 3 years ago
- Generate droppers with encrypted payloads automatically.☆54Nov 16, 2021Updated 4 years ago
- ShellcodeFluctuation PoC ported to Nim☆79Oct 14, 2022Updated 3 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Nov 19, 2022Updated 3 years ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆89Jan 2, 2026Updated last month
- BOF for C2 framework☆44Nov 9, 2024Updated last year
- ☆47Feb 11, 2023Updated 3 years ago
- ☆223Oct 22, 2023Updated 2 years ago
- Python module for running BOFs☆79Nov 28, 2025Updated 3 months ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆78Feb 8, 2023Updated 3 years ago
- ☆101Oct 7, 2023Updated 2 years ago
- A simple BOF that disables some logging with NtSetInformationProcess☆13Oct 13, 2023Updated 2 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆116Feb 27, 2021Updated 5 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆209Nov 12, 2025Updated 3 months ago
- ☆31Aug 23, 2020Updated 5 years ago
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- Monarch - The Adversary Emulation Toolkit☆64Jan 7, 2025Updated last year
- ☆162Mar 27, 2023Updated 2 years ago
- ☆48May 12, 2021Updated 4 years ago
- C# version of NTLMRawUnHide☆72Oct 8, 2022Updated 3 years ago
- ☆170Jul 27, 2024Updated last year
- ☆57Apr 19, 2023Updated 2 years ago
- Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly☆117Sep 30, 2024Updated last year
- API Hammering with C++20☆50Jul 21, 2022Updated 3 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆151Jul 20, 2022Updated 3 years ago
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 2 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆301Oct 26, 2022Updated 3 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆84Nov 21, 2022Updated 3 years ago
- A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation☆38Dec 7, 2025Updated 2 months ago
- A shellcode function to encrypt a running process image when sleeping.☆340Sep 11, 2021Updated 4 years ago
- ☆75Feb 4, 2024Updated 2 years ago