Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR solutions and Kernel-level monitors like Falco (eBPF). It leverages advanced techniques such as SROP and Zero-Copy Injection to deliver payloads as a ghost in the machine.
☆108Jul 13, 2026Updated this week
Alternatives and similar repositories for Phantom-Evasion-Loader
Users that are interested in Phantom-Evasion-Loader are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A fileless C2 framework written in pure x64 Linux Assembly with zero libc dependencies. Features dynamic protocol pivoting between raw IC…☆85Jun 5, 2026Updated last month
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.☆46Jun 18, 2026Updated 3 weeks ago
- Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants☆192Jun 6, 2026Updated last month
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- Fritter is a heavily modified fork of TheWover and Odzhan's Donut shellcode generator.☆243Jun 11, 2026Updated last month
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- A sleepmask based on Ekko that preserves unwind data at sleep time.☆54Mar 30, 2026Updated 3 months ago
- open source implementation of the UDC2 spec used in Cobalt Strike☆54Jul 4, 2026Updated last week
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆142Apr 22, 2026Updated 2 months ago
- Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advance…☆113Jun 30, 2026Updated 2 weeks ago
- NØW is a word-based shellcode encoding and obfuscation tool that transforms raw shellcode bytes into natural-looking English prose.☆68Jun 24, 2026Updated 3 weeks ago
- AdaptixC2 default beacon agent extended to support Crystal Palace loaders.☆62May 4, 2026Updated 2 months ago
- PolyEngine is an evasive PE packer designed for CTF challenges and low-level Windows security education. It focuses on bypassing EDR and …☆147Jun 10, 2026Updated last month
- A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.☆166Apr 15, 2026Updated 2 months ago
- COM Windows Persistence Technique☆89Apr 27, 2026Updated 2 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Activation Context Hijacking Evasion Tool☆293Jun 17, 2026Updated 3 weeks ago
- DCOM in memory and fileless lateral movement techniques through .Net deserilization☆272Jun 22, 2026Updated 3 weeks ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- Bof of RegPwn by MDSec☆127Mar 15, 2026Updated 3 months ago
- WasmForge — compile Go and C# programs to single-binary, WASM-sandboxed native executables with polymorphic output.☆99Jun 24, 2026Updated 2 weeks ago
- Object file loader implemented as a post-ex DLL for asynchronous BOF execution.☆29Jun 15, 2026Updated 3 weeks ago
- DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.☆210Jun 25, 2026Updated 2 weeks ago
- A PoC Cobalt Strike UDRL written in Rust☆31Jun 20, 2026Updated 3 weeks ago
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A EDR bypassing shellcode loader framework for Windows 10 64bit, featuring ETW/AMSI patching, Tartarus Gate, process protection and more☆57Jun 24, 2026Updated 2 weeks ago
- Sleep replacement that executes real, varied work to break behavioral pattern matching by EDR and anti-cheat systems☆34Jun 10, 2026Updated last month
- Smuggling C2 comms through links previews☆18Jun 17, 2026Updated 3 weeks ago
- multi layer encryption for payloads with options of delivery welcome to the Tenebris side☆25May 9, 2026Updated 2 months ago
- Set of PoC to abuse Windows minifilters functionality☆93May 1, 2026Updated 2 months ago
- PowerShell module for mapping byte offsets to source context and locating AMSI or Microsoft Defender detection boundaries in text and bin…☆35Updated this week
- A POC tool for exploring dev-tunnels☆66May 5, 2026Updated 2 months ago
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.☆84Jun 15, 2026Updated 3 weeks ago
- Busybox-style Beacon Object Files for *nix post-exploitation. Reimplements common Unix utilities as BOFs for use in stripped environments…☆81Jul 5, 2026Updated last week
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- .NET process monitor that hooks CLR at the native layer, dumps reflective assemblies from memory, and checks AMSI/ETW integrity vs on dis…☆39Updated this week
- Async BOF that notifies the operator when a user connects to a local or remote target system.☆34Jun 17, 2026Updated 3 weeks ago
- Rusty DoublePulsar - Cobalt Strike User-Defined Reflective Loader (UDRL) in Rust (Codename: DoublePulsar)☆113May 14, 2026Updated 2 months ago
- Memory API proxy via signed mozglue.dll☆40Jun 25, 2026Updated 2 weeks ago
- Async BOF to monitor and detect clipboard changes on a target system and return the clipboard contents.☆22May 5, 2026Updated 2 months ago
- Reflective DLL loader.☆25Jun 30, 2026Updated 2 weeks ago
- KslDump — Why bring your own knife when Defender already left one in the kitchen?☆392Apr 13, 2026Updated 3 months ago