HulkOperator/CallStackSpoofer external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

HulkOperator/CallStackSpoofer

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/HulkOperator/CallStackSpoofer)

Close

HulkOperator / CallStackSpooferView on GitHubMore

• External links
• Readme badge

☆65Dec 19, 2024Updated last year

Alternatives and similar repositories for CallStackSpoofer

Users that are interested in CallStackSpoofer are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆189Jan 17, 2026Updated 2 months ago
• Teach2Breach / rust_api_demo

  View on GitHub
  various methods of making API calls
  ☆19Feb 1, 2025Updated last year
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆52Nov 2, 2025Updated 5 months ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆153Mar 25, 2025Updated last year
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• NtDallas / BOF_RunPe

  View on GitHub
  BOF to run PE in Cobalt Strike Beacon without console creation
  ☆196Nov 23, 2025Updated 4 months ago
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆108Feb 25, 2025Updated last year
• nickvourd / Rocabella

  View on GitHub
  Sniffing files generator
  ☆62Feb 24, 2025Updated last year
• chryzsh / linux_bof

  View on GitHub
  ELF Beacon Object File (BOF) Template
  ☆19Nov 18, 2024Updated last year
• amroes / FlexSheller

  View on GitHub
  ☆12Feb 4, 2025Updated last year
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆154Jul 23, 2025Updated 8 months ago
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆69Jan 11, 2026Updated 2 months ago
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆302Jul 31, 2024Updated last year
• 0xjbb / vehspoof

  View on GitHub
  Callstack spoofing using a VEH because VEH all the things.
  ☆23Mar 18, 2025Updated last year
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• WKL-Sec / FuncAddressPro

  View on GitHub
  A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
  ☆72Mar 6, 2024Updated 2 years ago
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆138Jan 16, 2025Updated last year
• ofasgard / execute-assembly-pico

  View on GitHub
  A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
  ☆129Jan 28, 2026Updated 2 months ago
• MrAle98 / Sliver-PortBender

  View on GitHub
  Sliver extension performing TCP redirection tasks without performing cross-process injection.
  ☆68Jan 14, 2025Updated last year
• gsmith257-cyber / better-sliver

  View on GitHub
  Adversary Emulation Framework
  ☆129Jul 1, 2025Updated 9 months ago
• tijme / relocatable

  View on GitHub
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆117Jan 20, 2025Updated last year
• silentwarble / PIC-Library

  View on GitHub
  A collection of position independent coding resources
  ☆109Nov 15, 2025Updated 4 months ago
• zero2504 / Shadow-Rebirth

  View on GitHub
  Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique
  ☆21Dec 3, 2024Updated last year
• HulkOperator / Spoof-RetAddr

  View on GitHub
  ☆37Nov 8, 2024Updated last year
• NordVPN Threat Protection Pro™ • Ad
  Take your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
• PhantomSecurityGroup / Crystal-Kit

  View on GitHub
  Evasion kit for Cobalt Strike
  ☆30Jan 16, 2026Updated 2 months ago
• passthehashbrowns / Being-A-Good-CLR-Host

  View on GitHub
  ☆95Jan 21, 2025Updated last year
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆140Apr 6, 2025Updated last year
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆128Jan 17, 2026Updated 2 months ago
• som3canadian / Mythic_NimSyscallPacker_Wrapper

  View on GitHub
  Mythic C2 wrapper for NimSyscallPacker
  ☆25Mar 12, 2025Updated last year
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆16Jun 18, 2022Updated 3 years ago
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆335Mar 6, 2025Updated last year
• ameenalkerdy / ETWShellcodeLoader

  View on GitHub
  Shellcode Loader Utilizing ETW Events
  ☆66Feb 26, 2025Updated last year
• Maldev-Academy / MaldevAcademyLdr.2

  View on GitHub
  RunPE implementation with multiple evasive techniques (2)
  ☆278Sep 25, 2025Updated 6 months ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• NetSPI / silkwasm

  View on GitHub
  HTML Smuggling with Web Assembly
  ☆72Feb 20, 2024Updated 2 years ago
• zimnyaa / grpcssh

  View on GitHub
  A simple reverse ssh/proxy implant PoC for *nix systems.
  ☆57Jul 5, 2024Updated last year
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• Teach2Breach / noldr

  View on GitHub
  Dynamically resolve API function addresses at runtime in a secure manner.
  ☆73Nov 11, 2025Updated 4 months ago
• tdeerenberg / InlineWhispers3

  View on GitHub
  Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
  ☆103Jul 9, 2025Updated 9 months ago
• ibaiC / FriendlyFireBOF

  View on GitHub
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆57Apr 14, 2025Updated 11 months ago
• racoten / BetterNetLoader

  View on GitHub
  A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints
  ☆124Jul 11, 2025Updated 8 months ago