A simple C2 Framework written in modern C++
☆30Jul 2, 2026Updated 2 weeks ago
Alternatives and similar repositories for MalvexC2
Users that are interested in MalvexC2 are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Automatically deploying Mythic C2 in Azure using Terraform☆20Jul 3, 2026Updated last week
- Reflective DLL loader.☆25Jun 30, 2026Updated 2 weeks ago
- ☆15Mar 27, 2026Updated 3 months ago
- A PoC Cobalt Strike UDRL written in Rust☆31Jun 20, 2026Updated 3 weeks ago
- Staged DLL injection proof-of-concept built in C using Win32 APIs — developed in an isolated lab environment for red team certification s…☆40Jun 4, 2026Updated last month
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- NØW is a word-based shellcode encoding and obfuscation tool that transforms raw shellcode bytes into natural-looking English prose.☆69Jun 24, 2026Updated 3 weeks ago
- BingusLdr is a DLL loader built with Crystal Palace that uses a CET compatible stack spoofing technique.☆44Updated this week
- Adaptix C2 extender to support Cobalt Strike Malleable C2 profiles☆48Jun 28, 2026Updated 2 weeks ago
- .NET process monitor that hooks CLR at the native layer, dumps reflective assemblies from memory, and checks AMSI/ETW integrity vs on dis…☆39Updated this week
- multi layer encryption for payloads with options of delivery welcome to the Tenebris side☆25May 9, 2026Updated 2 months ago
- Noradrenaline is a collection of high-performance post-exploitation shared libraries designed for native execution on macOS and Linux end…☆29Jul 6, 2026Updated last week
- CVE-2026-45250 - FreeBSD 14.x LPE☆22May 21, 2026Updated last month
- Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR…☆108Updated this week
- Smuggling C2 comms through links previews☆18Jun 17, 2026Updated 3 weeks ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advance…☆113Jun 30, 2026Updated 2 weeks ago
- Ported from [LACUNA Chain](https://github.com/MazX0p/LACUNA-Chain) by Mohamed Alzhrani (0xmaz). lacuna-rs is a reusable Rust crate that …☆17Jul 2, 2026Updated 2 weeks ago
- IoT Firmware Deep Analysis: Automated reverse engineering and vulnerability discovery for IoT firmware binaries.☆21Jul 9, 2026Updated last week
- A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure …☆20Mar 6, 2025Updated last year
- Executing Shellcode with ReadDirectoryChanges’s Hidden Callback☆31Oct 13, 2025Updated 9 months ago
- demo unhooking functions in ntdll☆28Jul 15, 2025Updated last year
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.☆84Jun 15, 2026Updated last month
- KHAOS is a modern C2 framework that routes agent traffic through cloud services already trusted by enterprise networks.☆187Jul 8, 2026Updated last week
- Evasive loader for .NET Framework assemblies☆44May 14, 2026Updated 2 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection☆74Dec 26, 2025Updated 6 months ago
- ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats.☆55Jul 15, 2023Updated 3 years ago
- A portable C# utility for enumerating local and remote windows sessions☆57Jan 1, 2026Updated 6 months ago
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.☆46Jun 18, 2026Updated 3 weeks ago
- A POC tool for exploring dev-tunnels☆66May 5, 2026Updated 2 months ago
- Tailscale/Headscale C2 profile and agent for Mythic☆25Mar 14, 2026Updated 4 months ago
- proper ntdll .text section unhooking via native api. unlike other unhookers this doesnt leave 2 ntdlls loaded. x86/x64/wow64 supported.☆53Dec 9, 2025Updated 7 months ago
- ☆54May 31, 2025Updated last year
- NTAPI hook bypass with (semi) legit stack trace☆18May 9, 2023Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- PowerShell module for mapping byte offsets to source context and locating AMSI or Microsoft Defender detection boundaries in text and bin…☆35Updated this week
- The samples referenced in my book, Evasive Malware (No starch Press)☆62Feb 20, 2026Updated 4 months ago
- Another new coercion primitive with LPE - machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin res…☆86Jun 20, 2026Updated 3 weeks ago
- EDRUnChoker - fileless WMI defense that removes EDRChoker QoS throttling policies☆43Jun 8, 2026Updated last month
- Proof of concept to detect module stomping detection by looking for modified .pdata sections.☆39Jun 11, 2026Updated last month
- A cross-platform, collaborative C2 for red-teaming. Agents are cross-compilable (e.g, you can generate Windows DLLs on Linux), cross-comp…☆23Mar 7, 2025Updated last year
- ☆22Jul 6, 2026Updated last week