Specialized tool to dump Position Independent Code.
☆22 Aug 4, 2020 Updated 5 years ago
Alternatives and similar repositories for picaboo
Users that are interested in picaboo are comparing it to the libraries listed below
- WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user. ☆13 Oct 24, 2022 Updated 3 years ago
- various methods of making API calls ☆19 Feb 1, 2025 Updated last year
- Finding Truth in the Shadows ☆123 Jan 26, 2023 Updated 3 years ago
- Dump Citrix Secure Access auth cookie from the process memory ☆76 Jun 24, 2022 Updated 3 years ago
- x64 Registration-Free In-Process COM Automation Server. ☆51 Nov 28, 2022 Updated 3 years ago
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr… ☆64 Jan 19, 2026 Updated last month
- A fast python tool for creating permutations of alphanumerics ☆11 Mar 22, 2020 Updated 5 years ago
- ☆11 Jun 9, 2020 Updated 5 years ago
- An example of how a driver can register a handle creation callback. ☆16 Jun 12, 2023 Updated 2 years ago
- A library to parse, modify, and implement Malleable C2 profiles ☆27 Feb 9, 2019 Updated 7 years ago
- A prototype malware C2 channel using x509 certificates over mTLS ☆152 Mar 15, 2024 Updated last year
- ☆150 Feb 7, 2026 Updated 3 weeks ago
- ☆16 Apr 14, 2020 Updated 5 years ago
- ☆14 Sep 22, 2023 Updated 2 years ago
- Parses Cobalt Strike malleable C2 profiles. ☆61 Updated this week
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys ☆49 Mar 10, 2023 Updated 2 years ago
- DynamicSyscalls is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking) ☆66 Nov 13, 2022 Updated 3 years ago
- ☆124 May 12, 2021 Updated 4 years ago
- A simple Linux in-memory .so loader ☆33 Mar 29, 2023 Updated 2 years ago
- A PoC tool for exploiting leaked process and thread handles ☆32 Feb 13, 2024 Updated 2 years ago
- This tool parses NTDLL.DLL, extracts all the syscall numbers and helps in making direct syscalls, in order to help evasion. ☆15 Jun 6, 2022 Updated 3 years ago
- ☆90 Jun 2, 2024 Updated last year
- List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly ☆61 May 24, 2022 Updated 3 years ago
- From C, Rust or Zig to binary shellcode compiler based on Mingw gcc. It allows using Win32 APIs and standard libraries without any change… ☆53 Sep 22, 2025 Updated 5 months ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆169 May 17, 2023 Updated 2 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP ☆37 Jul 27, 2021 Updated 4 years ago
- A collection of sample code used in some experiments with Sliver C2 ☆16 Mar 28, 2023 Updated 2 years ago
- Regex out URI parameters from backend code, craft URIs to check for reflections or send to local burp proxy ☆13 Dec 8, 2022 Updated 3 years ago
- PIC shellcode (C/C++) development toolkit designed for malware developers. ☆121 Dec 23, 2025 Updated 2 months ago
- ☆39 Oct 12, 2022 Updated 3 years ago
- Infect Shared Files In Memory for Lateral Movement ☆193 Dec 14, 2022 Updated 3 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF) ☆115 May 21, 2023 Updated 2 years ago
- Capture screenshots from .NET using .NET methods or Windows API calls ☆66 Mar 9, 2020 Updated 5 years ago
- This is my own implementation of the Perun's Fart technique by Sektor7 ☆72 May 14, 2022 Updated 3 years ago
- Async rust support for the reverse-engineered Crowdstrike Falcon protocol between the Sensor and cloud services ☆17 Mar 10, 2023 Updated 2 years ago
- Dangling COM Keys Finder ☆17 Nov 16, 2021 Updated 4 years ago
- A collection of my presentation materials. ☆17 Apr 29, 2024 Updated last year
- TeamServer.prop is an optional properties file used by the Cobalt Strike teamserver to customize the settings used to validate screenshot… ☆68 Aug 5, 2025 Updated 6 months ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load ☆21 Aug 26, 2020 Updated 5 years ago