Evasive loader for .NET Framework assemblies
☆44May 14, 2026Updated 2 months ago
Alternatives and similar repositories for PositiveIntent
Users that are interested in PositiveIntent are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping☆29May 12, 2026Updated 2 months ago
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆85Mar 15, 2026Updated 3 months ago
- Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueAp…☆74Feb 17, 2026Updated 4 months ago
- Havoc BOF implementation of BYOVD attack to terminate PPL-protected EDR processes using a signed Microsoft kernel driver.☆39Apr 6, 2026Updated 3 months ago
- A credential extraction BOF for Veeam Backup and Replication and Veeam One☆78Jul 1, 2026Updated last week
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- A simple OAuth App designed to capture OAuth tokens when users authenticate through GitHub OAuth flow.☆25Apr 20, 2026Updated 2 months ago
- COM Windows Persistence Technique☆89Apr 27, 2026Updated 2 months ago
- EDRUnChoker - fileless WMI defense that removes EDRChoker QoS throttling policies☆43Jun 8, 2026Updated last month
- .NET CLR-Stomping☆146May 20, 2026Updated last month
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.☆46Jun 18, 2026Updated 3 weeks ago
- ASPX Web Shell with COFF Loader☆133Mar 10, 2026Updated 4 months ago
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.☆166Apr 15, 2026Updated 2 months ago
- Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel☆60Apr 13, 2025Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A PoC Cobalt Strike UDRL written in Rust☆31Jun 20, 2026Updated 3 weeks ago
- Beacon Object File to Enable Chrome DevTools Protocol (CDP)☆116Jul 1, 2026Updated last week
- Fritter is a heavily modified fork of TheWover and Odzhan's Donut shellcode generator.☆243Jun 11, 2026Updated last month
- A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.☆134Mar 30, 2026Updated 3 months ago
- AdaptixC2 default beacon agent extended to support Crystal Palace loaders.☆62May 4, 2026Updated 2 months ago
- Activation Context Hijacking Evasion Tool☆293Jun 17, 2026Updated 3 weeks ago
- DCOM in memory and fileless lateral movement techniques through .Net deserilization☆272Jun 22, 2026Updated 3 weeks ago
- A different approach to writing BOFs in rust.☆21Aug 20, 2025Updated 10 months ago
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆97Apr 9, 2026Updated 3 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- SharpDPAPI ported to Cobalt Strike BOFs — 19 self-contained BOFs for DPAPI credential triage☆16Feb 24, 2026Updated 4 months ago
- Folder Or File Delete to Get System Shell on Current Session Desktop☆47Jan 14, 2025Updated last year
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆41Aug 5, 2025Updated 11 months ago
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.☆252Jun 11, 2024Updated 2 years ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- ☆37Nov 8, 2024Updated last year
- PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads☆257Oct 30, 2025Updated 8 months ago
- Polymorphic AV/AMSI bypass toolkit - Donut shellcode runner for offensive .NET/PE tools☆36May 26, 2026Updated last month
- A EDR bypassing shellcode loader framework for Windows 10 64bit, featuring ETW/AMSI patching, Tartarus Gate, process protection and more☆57Jun 24, 2026Updated 2 weeks ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A sleepmask based on Ekko that preserves unwind data at sleep time.☆54Mar 30, 2026Updated 3 months ago
- Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)☆69Apr 3, 2026Updated 3 months ago
- Advanced OPSEC fork of Donut. Features a Custom in-memory CLR Host, Tail-Jump ETW bypasses, and zero-patch AMSI evasion for stealthy shel…☆68Jun 24, 2026Updated 2 weeks ago
- Staged DLL injection proof-of-concept built in C using Win32 APIs — developed in an isolated lab environment for red team certification s…☆40Jun 4, 2026Updated last month
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- Evasive loader for .NET Framework assemblies☆82May 12, 2026Updated 2 months ago
- UDC2 implementation that provides an ICMP C2 channel☆125Nov 24, 2025Updated 7 months ago