HulkOperator/CallStackSpoofer external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

HulkOperator/CallStackSpoofer

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/HulkOperator/CallStackSpoofer)

Close

HulkOperator / CallStackSpooferView on GitHubMore

• External links
• Readme badge

☆70Dec 19, 2024Updated last year

Alternatives and similar repositories for CallStackSpoofer

Users that are interested in CallStackSpoofer are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆189Jan 17, 2026Updated 4 months ago
• Teach2Breach / rust_api_demo

  View on GitHub
  various methods of making API calls
  ☆19Feb 1, 2025Updated last year
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆54Nov 2, 2025Updated 7 months ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆111Aug 21, 2024Updated last year
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆154Mar 25, 2025Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• NtDallas / BOF_RunPe

  View on GitHub
  BOF to run PE in Cobalt Strike Beacon without console creation
  ☆198Nov 23, 2025Updated 6 months ago
• WKL-Sec / FuncAddressPro

  View on GitHub
  A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
  ☆72Mar 6, 2024Updated 2 years ago
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆106Feb 25, 2025Updated last year
• nickvourd / Rocabella

  View on GitHub
  Sniffing files generator
  ☆62Feb 24, 2025Updated last year
• chryzsh / linux_bof

  View on GitHub
  ELF Beacon Object File (BOF) Template
  ☆19Nov 18, 2024Updated last year
• amroes / FlexSheller

  View on GitHub
  ☆13Feb 4, 2025Updated last year
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆74Jan 11, 2026Updated 4 months ago
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆308Jul 31, 2024Updated last year
• 0xjbb / vehspoof

  View on GitHub
  Callstack spoofing using a VEH because VEH all the things.
  ☆23Mar 18, 2025Updated last year
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆141Jan 16, 2025Updated last year
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆158Jul 23, 2025Updated 10 months ago
• MrAle98 / Sliver-PortBender

  View on GitHub
  Sliver extension performing TCP redirection tasks without performing cross-process injection.
  ☆68Jan 14, 2025Updated last year
• gsmith257-cyber / better-sliver

  View on GitHub
  Adversary Emulation Framework
  ☆130Jul 1, 2025Updated 11 months ago
• tijme / relocatable

  View on GitHub
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆116Jan 20, 2025Updated last year
• ofasgard / execute-assembly-pico

  View on GitHub
  A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
  ☆138Jan 28, 2026Updated 4 months ago
• silentwarble / PIC-Library

  View on GitHub
  A collection of position independent coding resources
  ☆119Nov 15, 2025Updated 6 months ago
• zero2504 / Shadow-Rebirth

  View on GitHub
  Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique
  ☆21Dec 3, 2024Updated last year
• HulkOperator / Spoof-RetAddr

  View on GitHub
  ☆37Nov 8, 2024Updated last year
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• PhantomSecurityGroup / Crystal-Kit

  View on GitHub
  Evasion kit for Cobalt Strike
  ☆30Jan 16, 2026Updated 4 months ago
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆143Apr 6, 2025Updated last year
• som3canadian / Mythic_NimSyscallPacker_Wrapper

  View on GitHub
  Mythic C2 wrapper for NimSyscallPacker
  ☆26Mar 12, 2025Updated last year
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆131Jan 17, 2026Updated 4 months ago
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆16Jun 18, 2022Updated 3 years ago
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆336Mar 6, 2025Updated last year
• Maldev-Academy / MaldevAcademyLdr.2

  View on GitHub
  RunPE implementation with multiple evasive techniques (2)
  ☆282Sep 25, 2025Updated 8 months ago
• ameenalkerdy / ETWShellcodeLoader

  View on GitHub
  Shellcode Loader Utilizing ETW Events
  ☆66Feb 26, 2025Updated last year
• NetSPI / silkwasm

  View on GitHub
  HTML Smuggling with Web Assembly
  ☆76Feb 20, 2024Updated 2 years ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• zimnyaa / grpcssh

  View on GitHub
  A simple reverse ssh/proxy implant PoC for *nix systems.
  ☆57Jul 5, 2024Updated last year
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆63Nov 8, 2024Updated last year
• passthehashbrowns / Being-A-Good-CLR-Host

  View on GitHub
  ☆103Jan 21, 2025Updated last year
• tdeerenberg / InlineWhispers3

  View on GitHub
  Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
  ☆104Jul 9, 2025Updated 11 months ago
• Teach2Breach / noldr

  View on GitHub
  Dynamically resolve API function addresses at runtime in a secure manner.
  ☆71Nov 11, 2025Updated 6 months ago
• ibaiC / FriendlyFireBOF

  View on GitHub
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆57Apr 14, 2025Updated last year
• EricEsquivel / CobaltStrike-Linux-Beacon

  View on GitHub
  Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons
  ☆209Feb 11, 2026Updated 3 months ago