From C, Rust or Zig to binary shellcode compiler based on Mingw gcc. It allows using Win32 APIs and standard libraries without any changes to the source code.
☆53Sep 22, 2025Updated 5 months ago
Alternatives and similar repositories for PIClin
Users that are interested in PIClin are comparing it to the libraries listed below
Sorting:
- A bunch of shenanigans using functions, VEH and more☆37Jun 8, 2025Updated 8 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆38Aug 5, 2025Updated 7 months ago
- various methods of making API calls☆19Feb 1, 2025Updated last year
- COM-based DLL Surrogate Injection☆142Dec 9, 2025Updated 2 months ago
- Executes Read/Write process memory with `NtQueryCompositionSurfaceStatistics`☆23Feb 10, 2024Updated 2 years ago
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 7 months ago
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆124Jan 17, 2026Updated last month
- Mentally ill EtwTi parser☆68Jan 11, 2026Updated last month
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- An advanced utility for converting Windows Portable Executable (PE) files to position-independent code (PIC) shellcode. It enables execut…☆65Mar 1, 2025Updated last year
- This is a VxLAN PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion☆28Jul 21, 2025Updated 7 months ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆30Sep 24, 2025Updated 5 months ago
- A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.☆31Feb 7, 2025Updated last year
- Callstack spoofing using a VEH because VEH all the things.☆23Mar 18, 2025Updated 11 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆104Feb 25, 2025Updated last year
- Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability☆24Feb 5, 2025Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆72Nov 11, 2025Updated 3 months ago
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system☆42Oct 30, 2024Updated last year
- ☆127Dec 12, 2025Updated 2 months ago
- Random BOFs for LDAP tradecraft☆74Sep 9, 2025Updated 5 months ago
- Cobalt Strike BOF☆43Dec 10, 2025Updated 2 months ago
- An example reference design for a proposed BOF PE☆200Jan 23, 2026Updated last month
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆169May 17, 2023Updated 2 years ago
- PIC shellcode (C/C++) development toolkit designed for malware developers.☆122Dec 23, 2025Updated 2 months ago
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- Basic utilities for executing, reading and writing 64-bit data in a 32-bit WoW64 process☆19Jul 8, 2022Updated 3 years ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- remote process injections using pool party techniques☆70Jun 29, 2025Updated 8 months ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- BOF with Synthetic Stackframe☆230Oct 30, 2025Updated 4 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆264Aug 31, 2025Updated 6 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆137Aug 31, 2025Updated 6 months ago
- A python library to create BloodHound OpenGraphs☆53Feb 4, 2026Updated last month
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution☆200May 29, 2025Updated 9 months ago
- ☆108Aug 21, 2024Updated last year