A set of tools and resources for analysis of Havoc C2
☆26Feb 27, 2024Updated 2 years ago
Alternatives and similar repositories for HavocC2-Forensics
Users that are interested in HavocC2-Forensics are comparing it to the libraries listed below
Sorting:
- Automated script for obfuscating, rebranding and renaming the Havoc C2 Framework to evade AV/EDR and C2 hunters.☆46Aug 13, 2025Updated 6 months ago
- A python tool to parse and describe the SDDL string.☆17Jan 5, 2026Updated 2 months ago
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- A ring0 Loadable Kernel Module (Linux) for latest kernels 6.x☆104Dec 16, 2025Updated 2 months ago
- Templates for developing your own listeners and agents for AdaptixC2.☆45Feb 28, 2026Updated last week
- An implementation of PyADRecon using ADWS instead of LDAP. Generates individual CSV files and a single XSLX + HTML report about your AD d…☆48Feb 23, 2026Updated last week
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆64Apr 2, 2025Updated 11 months ago
- Find kernel32 base and API addresses. Simple C++ implementation☆23Apr 7, 2022Updated 3 years ago
- Malicious PixelCode is a security research project that demonstrates a covert technique for encoding executable files into pixel data and…☆152Feb 2, 2026Updated last month
- Run payload like a Lazarus Group (UuidFromStringA). C++ implementation☆20Jul 24, 2022Updated 3 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 2 years ago
- Generate Proxy DLLs in Rust☆48Updated this week
- .NET assembly loader with patching AMSI and ETW bypass☆31Apr 16, 2025Updated 10 months ago
- Abusing SSRF to deliver an authenticated command injection payload☆29Sep 1, 2025Updated 6 months ago
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆50Jul 6, 2025Updated 8 months ago
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like☆32Feb 7, 2022Updated 4 years ago
- ☆48Jun 6, 2025Updated 9 months ago
- NSecSoftBYOVD POC☆58Feb 12, 2026Updated 3 weeks ago
- Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis☆88Sep 14, 2024Updated last year
- ☆41Feb 20, 2025Updated last year
- Malware AV evasion via disable Windows Defender (Registry). C++☆35Jun 5, 2022Updated 3 years ago
- OsintifyX: Powerful Open-source OSINT tool for extracting valuable information from Instagram profiles. OSINT: Instagram Forensics Tool☆11Feb 19, 2024Updated 2 years ago
- A program for obfuscating C strings☆36Feb 26, 2023Updated 3 years ago
- Static binary analysis with Detect It Easy — 100% in your browser, no uploads.☆54Feb 10, 2026Updated 3 weeks ago
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…☆80Nov 6, 2025Updated 4 months ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- ☆41Sep 9, 2023Updated 2 years ago
- ☆35Dec 6, 2023Updated 2 years ago
- Laravel RCE Exploitation Toolkit☆57Nov 8, 2025Updated 4 months ago
- A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN☆105Jan 26, 2026Updated last month
- Simple HTTP async comms using standard GET/POST requests☆47Feb 5, 2026Updated last month
- Random BOFs for LDAP tradecraft☆74Sep 9, 2025Updated 6 months ago
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆102Jan 26, 2026Updated last month
- 一个用于暴力破解猫变换(Arnold's Cat Map)加密图像的命令行工具。☆26Dec 21, 2025Updated 2 months ago
- This repository contains a collection of scripts I use regularly for offensive security-related tasks.☆15Jan 17, 2026Updated last month
- A large collection of blogs 🦐☆13Apr 12, 2025Updated 10 months ago
- Discover Non-Discoverable Bluetooth Classic devices☆13Oct 10, 2024Updated last year
- A collection of FreeBSD rootkit kernel modules and utilities☆13Jun 25, 2025Updated 8 months ago