☆65Dec 19, 2024Updated last year
Alternatives and similar repositories for CallStackSpoofer
Users that are interested in CallStackSpoofer are comparing it to the libraries listed below
Sorting:
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- various methods of making API calls☆19Feb 1, 2025Updated last year
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …☆51Nov 2, 2025Updated 4 months ago
- BOF to run PE in Cobalt Strike Beacon without console creation☆187Nov 23, 2025Updated 3 months ago
- ☆108Aug 21, 2024Updated last year
- ForsHops☆152Mar 25, 2025Updated 11 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆104Feb 25, 2025Updated last year
- Sniffing files generator☆62Feb 24, 2025Updated last year
- ELF Beacon Object File (BOF) Template☆19Nov 18, 2024Updated last year
- ☆12Feb 4, 2025Updated last year
- Local SYSTEM auth trigger for relaying - X☆154Jul 23, 2025Updated 7 months ago
- Mentally ill EtwTi parser☆69Jan 11, 2026Updated 2 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆301Jul 31, 2024Updated last year
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.☆72Mar 6, 2024Updated 2 years ago
- Callstack spoofing using a VEH because VEH all the things.☆23Mar 18, 2025Updated last year
- ☆139Jan 16, 2025Updated last year
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆129Jan 28, 2026Updated last month
- Sliver extension performing TCP redirection tasks without performing cross-process injection.☆68Jan 14, 2025Updated last year
- Adversary Emulation Framework☆129Jul 1, 2025Updated 8 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- A collection of position independent coding resources☆107Nov 15, 2025Updated 4 months ago
- Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique☆20Dec 3, 2024Updated last year
- ☆37Nov 8, 2024Updated last year
- Evasion kit for Cobalt Strike☆30Jan 16, 2026Updated 2 months ago
- ☆87Jan 21, 2025Updated last year
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆139Apr 6, 2025Updated 11 months ago
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆124Jan 17, 2026Updated 2 months ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Jun 18, 2022Updated 3 years ago
- Mythic C2 wrapper for NimSyscallPacker☆25Mar 12, 2025Updated last year
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆335Mar 6, 2025Updated last year
- Shellcode Loader Utilizing ETW Events☆66Feb 26, 2025Updated last year
- RunPE implementation with multiple evasive techniques (2)☆277Sep 25, 2025Updated 5 months ago
- HTML Smuggling with Web Assembly☆66Feb 20, 2024Updated 2 years ago
- A simple reverse ssh/proxy implant PoC for *nix systems.☆57Jul 5, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Dynamically resolve API function addresses at runtime in a secure manner.☆73Nov 11, 2025Updated 4 months ago
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion☆103Jul 9, 2025Updated 8 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 11 months ago
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆125Jul 11, 2025Updated 8 months ago