ROP-based sleep obfuscation to evade memory scanners
☆376Jun 22, 2025Updated 8 months ago
Alternatives and similar repositories for Shelter
Users that are interested in Shelter are comparing it to the libraries listed below
Sorting:
- Call stack spoofing for Rust☆357Feb 7, 2025Updated last year
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆262Jun 29, 2024Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique.☆435Dec 21, 2023Updated 2 years ago
- Dynamically invoke arbitrary unmanaged code☆358Feb 19, 2026Updated 2 weeks ago
- Bypass LSA protection using the BYODLL technique☆172Sep 21, 2024Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass☆370Apr 19, 2023Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆233Mar 23, 2023Updated 2 years ago
- Collection of UAC Bypass Techniques Weaponized as BOFs☆609Feb 21, 2024Updated 2 years ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆541Feb 13, 2024Updated 2 years ago
- Sleep obfuscation☆270Dec 13, 2024Updated last year
- Using fibers to run in-memory code.☆243Oct 19, 2023Updated 2 years ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆614Jan 2, 2025Updated last year
- A COFF loader made in Rust☆327Feb 26, 2026Updated last week
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆325Apr 12, 2024Updated last year
- DLL proxying for lazy people☆202Dec 1, 2025Updated 3 months ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆427Feb 11, 2024Updated 2 years ago
- A BOF that runs unmanaged PEs inline☆682Oct 23, 2024Updated last year
- Call Stack Spoofing for Rust☆210Jan 28, 2026Updated last month
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆779Jan 26, 2026Updated last month
- Threadless Process Injection through entry point hijacking☆350Sep 10, 2024Updated last year
- Library of BOFs to interact with SQL servers☆223Dec 3, 2025Updated 3 months ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆324Jan 17, 2024Updated 2 years ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆263Oct 16, 2024Updated last year
- Template-based shellcode packer written in Rust, with indirect syscall support. Made with <3 for pentesters.☆319Updated this week
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆234Feb 12, 2025Updated last year
- PoC Implementation of a fully dynamic call stack spoofer☆921Jul 20, 2024Updated last year
- A rust library that allows you to host the CLR and execute dotnet binaries.☆235Mar 12, 2025Updated 11 months ago
- For when DLLMain is the only way☆424Oct 29, 2024Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆411Jan 11, 2026Updated last month
- Threadless Process Injection using remote function hooking.☆809Sep 4, 2024Updated last year
- A set of fully-undetectable process injection techniques abusing Windows Thread Pools☆1,250Dec 11, 2023Updated 2 years ago
- Cobalt Strike HTTPS beaconing over Microsoft Graph API☆622Jun 25, 2024Updated last year
- Linux Sleep Obfuscation☆112Jan 7, 2024Updated 2 years ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆204Dec 27, 2023Updated 2 years ago
- Nameless C2 - A C2 with all its components written in Rust☆283Sep 26, 2024Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆299Jul 31, 2024Updated last year
- Host CLR and run .NET binaries using Rust☆151Dec 23, 2025Updated 2 months ago
- find dll base addresses without PEB WALK☆161Jul 13, 2025Updated 7 months ago