PIC shellcode (C/C++) development toolkit designed for malware developers.
☆121 · Dec 23, 2025 · Updated 2 months ago
Alternatives and similar repositories for epic
Users that are interested in epic are comparing it to the libraries listed below
- Windows User-Mode Shellcode Development Framework (WUMSDF) ☆125 · Nov 17, 2025 · Updated 3 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC). ☆117 · Jan 20, 2025 · Updated last year
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆263 · Aug 31, 2025 · Updated 6 months ago
- BOF with Synthetic Stackframe ☆225 · Oct 30, 2025 · Updated 4 months ago
- A collection of position independent coding resources ☆107 · Nov 15, 2025 · Updated 3 months ago
- takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities ☆58 · Updated this week
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D… ☆93 · Jan 21, 2026 · Updated last month
- Cobaltstrike Reflective Loader with Synthetic Stackframe ☆186 · Jan 17, 2026 · Updated last month
- Mentally ill EtwTi parser ☆68 · Jan 11, 2026 · Updated last month
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) ☆195 · Feb 6, 2025 · Updated last year
- A cross-platform C++ framework for building Windows shellcode ☆158 · Feb 9, 2026 · Updated 2 weeks ago
- A cmake template for crystal palace ☆39 · Dec 20, 2025 · Updated 2 months ago
- Section-based payload obfuscation technique for x64 ☆64 · Aug 8, 2024 · Updated last year
- Hunting and injecting RWX 'mockingjay' DLLs in pure nim ☆59 · Dec 11, 2024 · Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆281 · Sep 18, 2024 · Updated last year
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. ☆75 · May 1, 2024 · Updated last year
- Callstack spoofing using a VEH because VEH all the things. ☆23 · Mar 18, 2025 · Updated 11 months ago
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features ☆200 · Apr 21, 2025 · Updated 10 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. ☆104 · Feb 25, 2025 · Updated last year
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory. ☆128 · Jan 28, 2026 · Updated last month
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process ☆115 · Aug 29, 2022 · Updated 3 years ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows. ☆122 · Sep 8, 2024 · Updated last year
- Using Chromium-based browsers as a proxy for C2 traffic. ☆146 · Dec 6, 2025 · Updated 2 months ago
- Shellcode Loader Utilizing ETW Events ☆67 · Feb 26, 2025 · Updated last year
- From C, Rust or Zig to binary shellcode compiler based on Mingw gcc. It allows using Win32 APIs and standard libraries without any change… ☆53 · Sep 22, 2025 · Updated 5 months ago
- early cascade injection PoC based on Outflank's blog post, in Rust ☆62 · Nov 8, 2024 · Updated last year
- Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll; DllMain is Cobalt Strike UDRL-compatible ☆270 · Jun 18, 2025 · Updated 8 months ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls ☆202 · Jun 6, 2024 · Updated last year
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. ☆38 · Aug 5, 2025 · Updated 6 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes ☆209 · Dec 25, 2024 · Updated last year
- Local SYSTEM auth trigger for relaying ☆169 · Jul 22, 2025 · Updated 7 months ago
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does ☆95 · Jul 3, 2025 · Updated 7 months ago
- Windows rootkit designed to work with BYOVD exploits ☆216 · Jan 18, 2025 · Updated last year
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and … ☆334 · Mar 6, 2025 · Updated 11 months ago
- Sleep obfuscation ☆268 · Dec 13, 2024 · Updated last year