Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueApcThreadEx2) for stealthy execution. Minimal permissions, no allocations/protection changes
☆66 · Feb 17, 2026 · Updated last month
Alternatives and similar repositories for FrankensteinAPCInjection
Users that are interested in FrankensteinAPCInjection are comparing it to the libraries listed below
- Notion C2 Profile for Mythic ☆35 · Mar 3, 2026 · Updated 2 weeks ago
- ClickForClickOnce - Generate configurable clickonce payloads ☆91 · Oct 10, 2025 · Updated 5 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow ☆18 · Jun 26, 2025 · Updated 8 months ago
- Command and Control Framework using powershell implants ☆36 · Jun 17, 2025 · Updated 9 months ago
- Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra… ☆81 · Nov 6, 2025 · Updated 4 months ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload … ☆51 · Nov 2, 2025 · Updated 4 months ago
- A BloodHound collector written in Go that discovers Linux and SSH attack paths. Outputs OpenGraph JSON and integrates with existing Sharp… ☆71 · Feb 27, 2026 · Updated 2 weeks ago
- Folder Or File Delete to Get System Shell on Current Session Desktop ☆47 · Jan 14, 2025 · Updated last year
- Curated list of public Beacon Object Files (BOFs) built in as submodules for easy cloning ☆137 · Dec 7, 2025 · Updated 3 months ago
- ☆46 · Dec 5, 2023 · Updated 2 years ago
- Built for red teamers, by red teamers - an MCP tool for malware development, OPSEC testing, and supporting custom loader design during re… ☆43 · Aug 10, 2025 · Updated 7 months ago
- Crystal Palace library for proxying Nt API calls via the Threadpool. Updated for call gadgets. ☆19 · Nov 11, 2025 · Updated 4 months ago
- ☆56 · Mar 13, 2026 · Updated last week
- Headless Binary Ninja MCP server — giving AI agents deep reverse-engineering capabilities via 180 tools. ☆164 · Mar 4, 2026 · Updated 2 weeks ago
- ☆108 · Aug 21, 2024 · Updated last year
- a BOF implementation of various registry persistence methods ☆95 · Nov 11, 2025 · Updated 4 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. ☆133 · Oct 4, 2024 · Updated last year
- A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit… ☆277 · Feb 21, 2026 · Updated 3 weeks ago
- Opengraph-Compatible JSON Generator for BloodHound ☆27 · Jan 12, 2026 · Updated 2 months ago
- ForsHops ☆152 · Mar 25, 2025 · Updated 11 months ago
- adws enumeration bof ☆169 · Feb 16, 2026 · Updated last month
- PowerShell-based utility for mapping byte offsets to source code using hex and ASCII context for detection research and red team tooling. ☆32 · Dec 31, 2025 · Updated 2 months ago
- Exchange interface brute-forcing | mailbox brute-forcing ☆20 · Sep 19, 2024 · Updated last year
- Sleep obfuscation ☆270 · Dec 13, 2024 · Updated last year
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to… ☆41 · Nov 4, 2025 · Updated 4 months ago
- ASPX Web Shell with COFF Loader ☆112 · Mar 10, 2026 · Updated last week
- Multi-protocol credential validation tool with spray and no-spray modes for penetration testing. ☆14 · Jan 4, 2026 · Updated 2 months ago
- Open KLara Project ☆36 · Feb 12, 2026 · Updated last month
- PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are rela… ☆45 · Jul 9, 2025 · Updated 8 months ago
- Microsoft Entra ID (Azure AD) Unauthenticated Enumeration ☆69 · Feb 5, 2026 · Updated last month
- An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor… ☆103 · Jan 9, 2026 · Updated 2 months ago
- ☆21 · Jun 9, 2023 · Updated 2 years ago
- Hackers Cookbook - Tons of hacker cli recipes ready to search and use when you need them ☆42 · Mar 12, 2026 · Updated last week
- Azure apim mini proxy ☆54 · Feb 16, 2026 · Updated last month
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows … ☆264 · Sep 23, 2025 · Updated 5 months ago
- Execute commands, in/exfiltrate files using your custom RPC Server ☆66 · Jan 13, 2026 · Updated 2 months ago
- Impacket is a collection of Python classes for working with network protocols. ☆12 · Nov 11, 2023 · Updated 2 years ago
- ☆28 · Updated this week
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) ☆195 · Feb 6, 2025 · Updated last year