CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
☆51Apr 22, 2024Updated last year
Alternatives and similar repositories for SharpVenoma
Users that are interested in SharpVenoma are comparing it to the libraries listed below
Sorting:
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution☆199May 29, 2025Updated 9 months ago
- Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique☆20Dec 3, 2024Updated last year
- A simple BOF (Beacon Object File) to search files in the system☆15Dec 2, 2023Updated 2 years ago
- List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly☆61May 24, 2022Updated 3 years ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆102Jun 16, 2024Updated last year
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆51May 8, 2024Updated last year
- ☆11Nov 12, 2023Updated 2 years ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Mar 10, 2023Updated 2 years ago
- a stage1 DLL loader with sleep obfuscation☆36Dec 27, 2022Updated 3 years ago
- A collection of (even more) alternative shellcode callback methods in CSharp☆81Oct 26, 2024Updated last year
- ☆12Feb 19, 2026Updated last week
- A collection of scripts used to support an OffSecOps pipeline.☆15Jan 31, 2021Updated 5 years ago
- An example of Windows self-replicating malware.☆11Jan 16, 2023Updated 3 years ago
- Just another repository for malware development☆13May 12, 2024Updated last year
- Crystal Palace RDLL loader for Adaptix C2 with Ekko sleep obfuscation, IAT hooking via PICO, and per-section permission restoration☆65Updated this week
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"☆31Jan 14, 2023Updated 3 years ago
- ☆109Feb 17, 2025Updated last year
- A small Aggressor script to help Red Teams identify foreign processes on a host machine☆84Jan 6, 2023Updated 3 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆169May 17, 2023Updated 2 years ago
- ☆29May 10, 2024Updated last year
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- ☆38Oct 16, 2025Updated 4 months ago
- HTML smuggling is not an evil, it can be useful☆14Jan 28, 2023Updated 3 years ago
- Excel Add In Payload Generator☆14Oct 9, 2023Updated 2 years ago
- ☆142May 4, 2022Updated 3 years ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader☆45Sep 25, 2024Updated last year
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- 64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free☆65Mar 8, 2023Updated 2 years ago
- Beacon Object File to locate and suspend the threads hosting the Event Log service☆29Jun 17, 2022Updated 3 years ago
- Bypass EDR Create TaskServers☆39Dec 24, 2022Updated 3 years ago
- Position-independent Reflective Loader for macOS☆112Feb 19, 2026Updated last week
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆122May 29, 2024Updated last year
- various methods of making API calls☆19Feb 1, 2025Updated last year
- PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph☆24Aug 2, 2025Updated 6 months ago
- Shellcode Loader using indirect syscalls☆16Jan 21, 2024Updated 2 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆108Mar 8, 2023Updated 2 years ago
- CVE-2021-26855 & CVE-2021-27065☆28Mar 15, 2021Updated 4 years ago
- A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.☆99Mar 25, 2025Updated 11 months ago
- AV bypass while you sip your Chai!☆224May 17, 2024Updated last year