Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueApcThreadEx2) for stealthy execution. Minimal permissions, no allocations/protection changes
☆63 Feb 17, 2026 Updated last week
Alternatives and similar repositories for FrankensteinAPCInjection
Users that are interested in FrankensteinAPCInjection are comparing it to the libraries listed below
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow ☆18 Jun 26, 2025 Updated 8 months ago
- Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra… ☆75 Nov 6, 2025 Updated 3 months ago
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to… ☆41 Nov 4, 2025 Updated 3 months ago
- ☆21 Jun 9, 2023 Updated 2 years ago
- Folder Or File Delete to Get System Shell on Current Session Desktop ☆47 Jan 14, 2025 Updated last year
- Command and Control Framework using PowerShell implants ☆36 Jun 17, 2025 Updated 8 months ago
- ☆46 Dec 5, 2023 Updated 2 years ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload … ☆48 Nov 2, 2025 Updated 3 months ago
- shellcode transformation tool for YARA evasion ☆52 Dec 17, 2025 Updated 2 months ago
- Curated list of public Beacon Object Files (BOFs) built in as submodules for easy cloning ☆137 Dec 7, 2025 Updated 2 months ago
- Custom Google search engine dedicated to IT security & hacking stuff. Over 240 high-quality sources. ☆81 Jan 15, 2026 Updated last month
- ForsHops ☆152 Mar 25, 2025 Updated 11 months ago
- Built for red teamers, by red teamers - an MCP tool for malware development, OPSEC testing, and supporting custom loader design during re… ☆43 Aug 10, 2025 Updated 6 months ago
- ☆108 Aug 21, 2024 Updated last year
- Execute commands, in/exfiltrate files using your custom RPC Server ☆65 Jan 13, 2026 Updated last month
- Minimalistic HTTP(S) client for the NT kernel ☆62 Dec 1, 2025 Updated 2 months ago
- WinDbg Copilot - Agentic Debugging extension ☆66 Updated this week
- ☆48 Nov 26, 2025 Updated 3 months ago
- ☆42 Updated this week
- Sleep obfuscation ☆268 Dec 13, 2024 Updated last year
- PIC shellcode (C/C++) development toolkit designed for malware developers. ☆121 Dec 23, 2025 Updated 2 months ago
- A lightweight Windows Prefetch file parser to extract programs' execution history ☆66 Jan 12, 2026 Updated last month
- PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are rela… ☆43 Jul 9, 2025 Updated 7 months ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML ☆38 Dec 7, 2025 Updated 2 months ago
- adws enumeration bof ☆167 Feb 16, 2026 Updated last week
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection ☆70 Dec 26, 2025 Updated 2 months ago
- PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll. ☆72 Oct 22, 2025 Updated 4 months ago
- sigreturn-oriented programming (SROP) based sleep obfuscation poc for Linux ☆66 Dec 15, 2025 Updated 2 months ago
- Installing Wazuh SIEM Unified XDR and SIEM protection ☆33 Jun 3, 2025 Updated 8 months ago
- A tiny macro library for protecting sensitive strings in compiled binaries ☆40 Oct 8, 2024 Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. ☆128 Oct 4, 2024 Updated last year
- A tool to easily perform GitHub Device Code Phishing on red team engagements ☆85 Feb 9, 2026 Updated 2 weeks ago
- Dump LSASS via physical memory read primitives in vulnerable kernel drivers ☆261 Feb 2, 2026 Updated 3 weeks ago
- Tool to enumerate privileged Scheduled Tasks on Remote Systems ☆280 Jan 12, 2026 Updated last month
- PoC for CVE-2023-28771 based on Rapid7's excellent writeup ☆30 May 23, 2023 Updated 2 years ago
- ☆50 Jun 4, 2025 Updated 8 months ago
- Lsass dumper evading (all ?) EDR detection ☆48 Nov 10, 2025 Updated 3 months ago
- SpicyAD is a C# Active Directory penetration testing tool designed for authorized security assessments. It combines multiple AD attack te… ☆99 Dec 23, 2025 Updated 2 months ago
- Evasion kit for Cobalt Strike ☆385 Updated this week