Octoberfest7/Secure_Stager

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Octoberfest7/Secure_Stager)

Octoberfest7 / Secure_Stager

An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution

☆195

Alternatives and similar repositories for Secure_Stager

Users that are interested in Secure_Stager are comparing it to the libraries listed below

Sorting:

NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆270Dec 13, 2024Updated last year
NtDallas / Draugr
View on GitHub
BOF with Synthetic Stackframe
☆233Oct 30, 2025Updated 4 months ago
MythicAgents / Hannibal
View on GitHub
A Mythic Agent written in PIC C.
☆206Feb 4, 2025Updated last year
Octoberfest7 / enumhandles_BOF
View on GitHub
☆126Sep 1, 2024Updated last year
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
Octoberfest7 / Enumprotections_BOF
View on GitHub
A BOF to enumerate system process, their protection levels, and more.
☆125Nov 27, 2024Updated last year
boku7 / patchwerk
View on GitHub
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
☆195Feb 6, 2025Updated last year
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆245Jul 2, 2024Updated last year
Teach2Breach / hollow_rs
View on GitHub
A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
☆31Feb 7, 2025Updated last year
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆683Oct 23, 2024Updated last year
silentwarble / PIC-Library
View on GitHub
A collection of position independent coding resources
☆107Nov 15, 2025Updated 4 months ago
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆326Apr 12, 2024Updated last year
vxCrypt0r / Voidmaw
View on GitHub
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
☆343Oct 7, 2024Updated last year
Cracked5pider / earlycascade-injection
View on GitHub
early cascade injection PoC based on Outflanks blog post
☆239Nov 7, 2024Updated last year
NtDallas / Svartalfheim
View on GitHub
Stage 0
☆169Dec 18, 2024Updated last year
ricardojoserf / NativeBypassCredGuard
View on GitHub
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
☆268Apr 8, 2025Updated 11 months ago
deepinstinct / DCOMUploadExec
View on GitHub
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
☆384Dec 13, 2024Updated last year
kozmer / aad-bofs
View on GitHub
☆139Nov 17, 2025Updated 4 months ago
FalconForceTeam / bof-winrm-client
View on GitHub
☆127Jan 23, 2025Updated last year
CICADA8-Research / COMThanasia
View on GitHub
A set of programs for analyzing common vulnerabilities in COM
☆249Sep 8, 2024Updated last year
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆374Apr 19, 2023Updated 2 years ago
Tylous / FaceDancer
View on GitHub
FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi…
☆407Sep 26, 2024Updated last year
rasta-mouse / process-inject-kit
View on GitHub
Port of Cobalt Strike's Process Inject Kit
☆192Dec 1, 2024Updated last year
BlackSnufkin / NyxInvoke
View on GitHub
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
☆234Feb 12, 2025Updated last year
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆787Jan 26, 2026Updated last month
senzee1984 / EDRPrison
View on GitHub
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
☆460Aug 2, 2024Updated last year
dobin / RedEdr
View on GitHub
Collect Windows telemetry for Maldev
☆464Jan 30, 2026Updated last month
ricardojoserf / TrickDump
View on GitHub
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
☆541May 9, 2025Updated 10 months ago
0xHossam / HuffLoader
View on GitHub
Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
☆283Apr 6, 2025Updated 11 months ago
ColeHouston / Sunder
View on GitHub
Windows rootkit designed to work with BYOVD exploits
☆217Jan 18, 2025Updated last year
fin3ss3g0d / StoneKeeper
View on GitHub
StoneKeeper C2, an experimental EDR evasion framework for research purposes
☆209Dec 25, 2024Updated last year
cpu0x00 / Ghost
View on GitHub
Evasive shellcode loader
☆400Oct 17, 2024Updated last year
tijme / relocatable
View on GitHub
Boilerplate to develop raw and truly Position Independent Code (PIC).
☆117Jan 20, 2025Updated last year
eversinc33 / PSXecute
View on GitHub
MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.
☆126Dec 6, 2024Updated last year
SpecterOps / cred1py
View on GitHub
A Python POC for CRED1 over SOCKS5
☆165Oct 5, 2024Updated last year
nbaertsch / Shrike
View on GitHub
Hunting and injecting RWX 'mockingjay' DLLs in pure nim
☆60Dec 11, 2024Updated last year
WKL-Sec / LayeredSyscall
View on GitHub
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
☆301Jul 31, 2024Updated last year
synacktiv / DLHell
View on GitHub
Local & remote Windows DLL Proxying
☆169Jun 17, 2024Updated last year
xforcered / ForsHops
View on GitHub
ForsHops
☆152Mar 25, 2025Updated 11 months ago