Open Source Implementation of Cobalt Strike's Malleable C2
☆94Jan 27, 2026Updated last month
Alternatives and similar repositories for OpenMalleableC2
Users that are interested in OpenMalleableC2 are comparing it to the libraries listed below
Sorting:
- bring your own clean ntdll (or other MS dlls)☆29Jul 14, 2025Updated 7 months ago
- Zero dependency browser extension for handling import of cookies, Microsoft 365 OAuth tokens, and Graph API interactions.☆23Dec 31, 2025Updated 2 months ago
- ☆38Oct 16, 2025Updated 4 months ago
- C# API for Nidhogg rootkit☆21Apr 25, 2024Updated last year
- Python tool to automatically perform SPN-less RBCD attacks.☆120Jan 7, 2026Updated last month
- This is the latest version of XenoRAT, updated with configurations and capable of bypassing all system securities. It will be maintained …☆23Apr 16, 2025Updated 10 months ago
- Invoke-AtomicAssessment is a powerful tool designed to facilitate adversary emulation by leveraging Atomic Red Team.☆47Jan 22, 2025Updated last year
- Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!☆75Feb 4, 2026Updated 3 weeks ago
- ☆71Feb 12, 2026Updated 2 weeks ago
- A Proof-of-Concept implementation of Reflective DLL Injection (RDI) specifically for Windows on ARM64. Demonstrates PEB access via the x1…☆34May 30, 2025Updated 9 months ago
- command control framework☆32Updated this week
- Threat Hunting queries of multiple platforms☆61Feb 19, 2026Updated last week
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr…☆64Jan 19, 2026Updated last month
- stack based arithmetic only virtual machine (VM) executes bytecode instructions to perform various basic arithmetic operations and manage…☆27Mar 19, 2025Updated 11 months ago
- Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan …☆203Dec 8, 2025Updated 2 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆101Jan 10, 2026Updated last month
- Red Team tools containerized☆75Dec 6, 2025Updated 2 months ago
- The Azure Execution Tool☆129Feb 6, 2026Updated 3 weeks ago
- Self-mutating macOS implant☆120Dec 18, 2025Updated 2 months ago
- Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa…☆115Oct 30, 2025Updated 4 months ago
- Prevent in-process process termination by patching exit APIs☆63Nov 9, 2025Updated 3 months ago
- This code silently installs Chrome extensions on Mac, Windows, and Linux☆128Jul 22, 2025Updated 7 months ago
- Rust implementation, creating a scheduled task programmatically with user logon trigger.☆47Jun 10, 2025Updated 8 months ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆43Apr 6, 2025Updated 10 months ago
- Phantom Keylogger is an advanced, stealth-enabled keystroke and visual intelligence gathering system.☆75Dec 10, 2025Updated 2 months ago
- ☆54Oct 13, 2025Updated 4 months ago
- ZoomBotC2 is a stealthy Command and Control (C2) framework that leverages Zoom's API endpoints for covert communication between implants …☆56Jun 30, 2025Updated 7 months ago
- A powerful, modular, lightweight and efficient command & control framework written in Nim.☆221Nov 3, 2025Updated 3 months ago
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking☆436Jun 27, 2025Updated 8 months ago
- ACL Viewer for Windows☆132May 4, 2025Updated 9 months ago
- ☆38Mar 28, 2025Updated 10 months ago
- Tool for playing with Windows Access Token manipulation.☆82Nov 28, 2022Updated 3 years ago
- fully async implementation of Dirkjan's ROADTools☆34Mar 15, 2025Updated 11 months ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bo…☆570Feb 14, 2026Updated 2 weeks ago
- A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Cal…☆256Jun 10, 2025Updated 8 months ago
- ysoserial.net docker image☆29Sep 23, 2024Updated last year
- ☆41Sep 9, 2023Updated 2 years ago
- Laravel RCE Exploitation Toolkit☆55Nov 8, 2025Updated 3 months ago