RedSiege/Jigsaw

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/RedSiege/Jigsaw)

RedSiege / Jigsaw

Hide shellcode by shuffling bytes into a random array and reconstruct at runtime

☆203

Alternatives and similar repositories for Jigsaw

Users that are interested in Jigsaw are comparing it to the libraries listed below

Sorting:

0xcf80 / ShellCodeLoader_Indirect_Syscalls
View on GitHub
Shellcode Loader using indirect syscalls
☆16Jan 21, 2024Updated 2 years ago
fin3ss3g0d / IoDllProxyLoad
View on GitHub
DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
☆65Mar 19, 2024Updated 2 years ago
rtecCyberSec / Packer_Development
View on GitHub
Slides & Code snippets for a workshop held @ x33fcon 2024
☆284Jun 15, 2024Updated last year
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆685Oct 23, 2024Updated last year
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆438Dec 21, 2023Updated 2 years ago
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆374Apr 19, 2023Updated 2 years ago
CICADA8-Research / RemoteKrbRelay
View on GitHub
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
☆640May 8, 2025Updated 10 months ago
nbaertsch / nimvoke
View on GitHub
Indirect syscalls + DInvoke made simple.
☆95Dec 24, 2024Updated last year
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
0xsp-SRD / MDE_Enum
View on GitHub
comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
☆211Jun 10, 2024Updated last year
rasta-mouse / SpawnWith
View on GitHub
☆110Feb 17, 2025Updated last year
Cracked5pider / earlycascade-injection
View on GitHub
early cascade injection PoC based on Outflanks blog post
☆239Nov 7, 2024Updated last year
ricardojoserf / NativeDump
View on GitHub
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
☆701May 7, 2025Updated 10 months ago
Octoberfest7 / DropSpawn_BOF
View on GitHub
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
☆286Jun 8, 2023Updated 2 years ago
Cipher7 / ChaiLdr
View on GitHub
AV bypass while you sip your Chai!
☆223May 17, 2024Updated last year
helviojunior / hookchain
View on GitHub
HookChain: A new perspective for Bypassing EDR Solutions
☆594Jan 5, 2025Updated last year
jakobfriedl / BenevolentLoader
View on GitHub
Shellcode loader using direct syscalls via Hell's Gate and payload encryption.
☆102Jun 16, 2024Updated last year
RedSiege / GraphStrike
View on GitHub
Cobalt Strike HTTPS beaconing over Microsoft Graph API
☆626Jun 25, 2024Updated last year
RedefiningReality / Cobalt-Strike
View on GitHub
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
☆324May 17, 2024Updated last year
Cipher7 / ApexLdr
View on GitHub
ApexLdr is a DLL Payload Loader written in C
☆117Jul 17, 2024Updated last year
WKL-Sec / dcomhijack
View on GitHub
Lateral Movement Using DCOM and DLL Hijacking
☆324Jun 18, 2023Updated 2 years ago
S3cur3Th1sSh1t / Ruy-Lopez
View on GitHub
☆319Jun 28, 2023Updated 2 years ago
vxCrypt0r / Voidgate
View on GitHub
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…
☆592Jun 12, 2024Updated last year
reveng007 / DarkWidow
View on GitHub
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
☆787Jan 26, 2026Updated last month
Octoberfest7 / Secure_Stager
View on GitHub
An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
☆195Nov 27, 2024Updated last year
RedSiege / jargon
View on GitHub
☆155Mar 5, 2026Updated 2 weeks ago
outflanknl / unmanaged-dotnet-patch
View on GitHub
Modify managed functions from unmanaged code
☆53Feb 1, 2024Updated 2 years ago
cybersectroll / TrollDump
View on GitHub
☆84May 19, 2024Updated last year
gerbsec / SmokeyObfuscator
View on GitHub
Rewrite to fit my needs
☆32Jul 20, 2024Updated last year
WKL-Sec / LayeredSyscall
View on GitHub
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
☆301Jul 31, 2024Updated last year
passthehashbrowns / VectoredExceptionHandling
View on GitHub
☆108Aug 21, 2024Updated last year
RalfHacker / Kerbeus-BOF
View on GitHub
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
☆554Nov 23, 2025Updated 3 months ago
LuemmelSec / APEX
View on GitHub
Azure Post Exploitation Framework
☆245Oct 27, 2025Updated 4 months ago
EspressoCake / Defender-Exclusions-Creator-BOF
View on GitHub
☆83Nov 1, 2023Updated 2 years ago
mlcsec / EDRenum-BOF
View on GitHub
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
☆133Oct 4, 2024Updated last year
Karkas66 / CelestialSpark
View on GitHub
Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
☆103Mar 27, 2025Updated 11 months ago
floesen / KExecDD
View on GitHub
Admin to Kernel code execution using the KSecDD driver
☆264Apr 19, 2024Updated last year
xforcered / BOFMask
View on GitHub
☆128Jun 28, 2023Updated 2 years ago
0xHossam / HuffLoader
View on GitHub
Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
☆283Apr 6, 2025Updated 11 months ago