Advanced In-Memory PowerShell Process Injection Framework
☆73Jul 16, 2025Updated 8 months ago
Alternatives and similar repositories for PhantomInjector
Users that are interested in PhantomInjector are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆17Jan 9, 2025Updated last year
- SharpCoercer is a .NET 4.8 C# tool that leverages 16 different RPC-based coercion methods to force remote Windows hosts to authenticate t…☆56Jul 13, 2025Updated 8 months ago
- Powershell and python utilties for Entra Connect☆29Jun 5, 2025Updated 9 months ago
- SAM Dumping in C#☆54Nov 27, 2025Updated 3 months ago
- custom impacket mssqlclient☆26Sep 16, 2023Updated 2 years ago
- Client-side Encrypted Upload Server Python Script☆67Jul 10, 2025Updated 8 months ago
- Sh3ller is a lightweight C2 framework in its simplest form.☆31Sep 5, 2025Updated 6 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆234Feb 12, 2025Updated last year
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 6 months ago
- Stage 0☆169Dec 18, 2024Updated last year
- Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from si…☆42Feb 6, 2026Updated last month
- A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.☆92Jan 8, 2025Updated last year
- A nim port of C5pider's Ekko project.☆17Oct 1, 2022Updated 3 years ago
- Ludus role for deploying a Mythic Teamserver onto Linux servers☆23Mar 16, 2025Updated last year
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel☆61Apr 13, 2025Updated 11 months ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆78Oct 27, 2025Updated 4 months ago
- rust port of pspy with support for process monitoring over dbus☆37Jan 4, 2026Updated 2 months ago
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆24Jul 5, 2023Updated 2 years ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Jan 25, 2025Updated last year
- Python C2 with JScript Implant☆15Nov 15, 2023Updated 2 years ago
- Interract with Microsoft SQL Server (MS SQL | MSSQL) servers and their linked instances in restricted environments, without the need for …☆54Mar 11, 2026Updated last week
- A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from CA …☆167Nov 2, 2025Updated 4 months ago
- Retrieve and display information about active user sessions on remote computers. No admin privileges required.☆209Aug 12, 2024Updated last year
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆124Jan 17, 2026Updated 2 months ago
- ☆26Aug 11, 2025Updated 7 months ago
- Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without …☆230Oct 6, 2024Updated last year
- ☆53Sep 23, 2025Updated 6 months ago
- Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack. Implemented in C#, C++, Crystal, P…☆129Feb 17, 2026Updated last month
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection☆72Dec 26, 2025Updated 2 months ago
- Code execution/injection technique using DLL PEB module structure manipulation☆224Jun 4, 2025Updated 9 months ago
- ☆31Jul 26, 2024Updated last year
- Linux CS bypass technique☆32Feb 4, 2025Updated last year
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption☆210Dec 17, 2025Updated 3 months ago
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy☆168Nov 17, 2025Updated 4 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆216Oct 19, 2024Updated last year
- PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirector…☆401Jan 14, 2026Updated 2 months ago
- Ghosting-AMSI☆228Apr 24, 2025Updated 11 months ago
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion☆103Jul 9, 2025Updated 8 months ago