Advanced Command and Control Framework for Authorized Red Team Operations
☆56Mar 1, 2026Updated 4 months ago
Alternatives and similar repositories for RTLC2
Users that are interested in RTLC2 are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- AV/EDR evasion via direct and indirect system calls Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64☆538Mar 7, 2026Updated 4 months ago
- PoC for covert persistence via Windows Push Task Scheduler (WPTaskScheduler) RPC interface — invisible to schtasks, Get-ScheduledTask, an…☆67Jun 15, 2026Updated last month
- Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueAp…☆74Feb 17, 2026Updated 4 months ago
- Adaptix C2 service plugin that drives LitterBox payload analysis from the operator UI.☆61May 4, 2026Updated 2 months ago
- PolyEngine is an evasive PE packer designed for CTF challenges and low-level Windows security education. It focuses on bypassing EDR and …☆147Jun 10, 2026Updated last month
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- An impacket-lite cli tool that combines many useful impacket functions using a single session.☆60Updated this week
- ASPX Web Shell with COFF Loader☆133Mar 10, 2026Updated 4 months ago
- A BOF designed to inspect processes memory and addresses☆40Apr 19, 2026Updated 2 months ago
- Demonstrating 3 persistence layers from a single EXE, that converts itself into proxy DLLs at runtime☆94Mar 29, 2026Updated 3 months ago
- Dump LSASS via physical memory read primitives in vulnerable kernel drivers☆335Feb 2, 2026Updated 5 months ago
- Object file loader implemented as a post-ex DLL for asynchronous BOF execution.☆29Jun 15, 2026Updated last month
- Havoc BOF implementation of BYOVD attack to terminate PPL-protected EDR processes using a signed Microsoft kernel driver.☆39Apr 6, 2026Updated 3 months ago
- Evasive loader for .NET Framework assemblies☆44May 14, 2026Updated 2 months ago
- The NeoC2 Framework☆32Jul 4, 2026Updated last week
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- KHAOS is a modern C2 framework that routes agent traffic through cloud services already trusted by enterprise networks.☆187Jul 8, 2026Updated last week
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆142Apr 22, 2026Updated 2 months ago
- A simple research-focused AES-based shellcode loader demonstrating in-memory execution and NTAPI techniques to help understand how custom…☆49Feb 19, 2026Updated 4 months ago
- In-memory BOF implementation of Silent Process Exit LSASS dump via RtlReportSilentProcessExit☆19Apr 14, 2026Updated 3 months ago
- Activation Context Hijacking Evasion Tool☆294Jun 17, 2026Updated 3 weeks ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack. Implemented in C#, C++, Crystal, P…☆137Feb 17, 2026Updated 4 months ago
- DevSecOps for the AI-era CI/CD pipeline. Catches the bugs your AI coding assistant introduces — before they reach production.☆20Updated this week
- open source port/reimplementation of the Cobalt Strike BOF Loader as is☆73Mar 8, 2026Updated 4 months ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Creating attacks paths across management and data planes☆64Jun 1, 2026Updated last month
- Beacon Object File (BOF) for identifying dependent child services of a given parent.☆19Jun 20, 2025Updated last year
- A Cobalt Strike RL built with Crystal Palac; module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and stati…☆225Mar 15, 2026Updated 4 months ago
- Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants☆192Jun 6, 2026Updated last month
- Automated Nim shellcode stager builder for Sliver C2 - cross-compiles a Windows evasion payload in one command. For authorized red team e…☆46Apr 12, 2026Updated 3 months ago
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆85Mar 15, 2026Updated 4 months ago
- Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons☆216Feb 11, 2026Updated 5 months ago
- modified mssqlclient from impacket to extract policies from the SCCM database☆47Feb 24, 2026Updated 4 months ago
- bypass edr杀软的dumplsass工具☆21Mar 21, 2025Updated last year
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆155Apr 18, 2025Updated last year
- IrisC2 is A modular C2 framework for authorized security research, featuring Iris Client, Server, Beacon, stager templates, payload gener…☆19Jul 2, 2026Updated 2 weeks ago
- ☆52Jun 12, 2026Updated last month
- Active Directory forensic framework☆16May 18, 2026Updated last month
- A Simple PoC☆22May 24, 2024Updated 2 years ago
- Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.☆409Updated this week
- Extract Windows credentials directly from VM memory snapshots and virtual disks☆1,416Jun 7, 2026Updated last month