HulkOperator/CallStackSpoofer external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

HulkOperator/CallStackSpoofer

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/HulkOperator/CallStackSpoofer)

Close

HulkOperator / CallStackSpooferView on GitHubMore

• External links
• Readme badge

☆72Dec 19, 2024Updated last year

Alternatives and similar repositories for CallStackSpoofer

Users that are interested in CallStackSpoofer are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆189Jan 17, 2026Updated 5 months ago
• Teach2Breach / rust_api_demo

  View on GitHub
  various methods of making API calls
  ☆19Feb 1, 2025Updated last year
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆54Nov 2, 2025Updated 7 months ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆111Aug 21, 2024Updated last year
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆154Mar 25, 2025Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• NtDallas / BOF_RunPe

  View on GitHub
  BOF to run PE in Cobalt Strike Beacon without console creation
  ☆199Nov 23, 2025Updated 7 months ago
• WKL-Sec / FuncAddressPro

  View on GitHub
  A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
  ☆73Mar 6, 2024Updated 2 years ago
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆107Feb 25, 2025Updated last year
• nickvourd / Rocabella

  View on GitHub
  Sniffing files generator
  ☆62Feb 24, 2025Updated last year
• chryzsh / linux_bof

  View on GitHub
  ELF Beacon Object File (BOF) Template
  ☆20Nov 18, 2024Updated last year
• amroes / FlexSheller

  View on GitHub
  ☆13Feb 4, 2025Updated last year
• 0xjbb / vehspoof

  View on GitHub
  Callstack spoofing using a VEH because VEH all the things.
  ☆24Mar 18, 2025Updated last year
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆74Jan 11, 2026Updated 5 months ago
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆309Jul 31, 2024Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆141Jan 16, 2025Updated last year
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆158Jul 23, 2025Updated 11 months ago
• MrAle98 / Sliver-PortBender

  View on GitHub
  Sliver extension performing TCP redirection tasks without performing cross-process injection.
  ☆68Jan 14, 2025Updated last year
• gsmith257-cyber / better-sliver

  View on GitHub
  Adversary Emulation Framework
  ☆130Jul 1, 2025Updated 11 months ago
• tijme / relocatable

  View on GitHub
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆117Jan 20, 2025Updated last year
• ofasgard / execute-assembly-pico

  View on GitHub
  A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
  ☆139Jan 28, 2026Updated 5 months ago
• silentwarble / PIC-Library

  View on GitHub
  A collection of position independent coding resources
  ☆122Nov 15, 2025Updated 7 months ago
• zero2504 / Shadow-Rebirth

  View on GitHub
  Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique
  ☆21Dec 3, 2024Updated last year
• HulkOperator / Spoof-RetAddr

  View on GitHub
  ☆37Nov 8, 2024Updated last year
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• PhantomSecurityGroup / Crystal-Kit

  View on GitHub
  Evasion kit for Cobalt Strike
  ☆30Jan 16, 2026Updated 5 months ago
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆144Apr 6, 2025Updated last year
• som3canadian / Mythic_NimSyscallPacker_Wrapper

  View on GitHub
  Mythic C2 wrapper for NimSyscallPacker
  ☆26Mar 12, 2025Updated last year
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆136Jan 17, 2026Updated 5 months ago
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆16Jun 18, 2022Updated 4 years ago
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆337Mar 6, 2025Updated last year
• Maldev-Academy / MaldevAcademyLdr.2

  View on GitHub
  RunPE implementation with multiple evasive techniques (2)
  ☆283Sep 25, 2025Updated 9 months ago
• ameenalkerdy / ETWShellcodeLoader

  View on GitHub
  Shellcode Loader Utilizing ETW Events
  ☆66Feb 26, 2025Updated last year
• NetSPI / silkwasm

  View on GitHub
  HTML Smuggling with Web Assembly
  ☆77Feb 20, 2024Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• zimnyaa / grpcssh

  View on GitHub
  A simple reverse ssh/proxy implant PoC for *nix systems.
  ☆57Jul 5, 2024Updated last year
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆64Nov 8, 2024Updated last year
• passthehashbrowns / Being-A-Good-CLR-Host

  View on GitHub
  ☆104Jan 21, 2025Updated last year
• tdeerenberg / InlineWhispers3

  View on GitHub
  Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
  ☆104Jul 9, 2025Updated 11 months ago
• Teach2Breach / noldr

  View on GitHub
  Dynamically resolve API function addresses at runtime in a secure manner.
  ☆73Nov 11, 2025Updated 7 months ago
• ibaiC / FriendlyFireBOF

  View on GitHub
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆57Apr 14, 2025Updated last year
• EricEsquivel / CobaltStrike-Linux-Beacon

  View on GitHub
  Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons
  ☆211Feb 11, 2026Updated 4 months ago