converts sRDI compatible dlls to shellcode
☆35Jan 20, 2025Updated last year
Alternatives and similar repositories for dll2shell
Users that are interested in dll2shell are comparing it to the libraries listed below
Sorting:
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- Dynamically resolve API function addresses at runtime in a secure manner.☆73Nov 11, 2025Updated 4 months ago
- find dll base addresses without PEB WALK☆162Jul 13, 2025Updated 8 months ago
- remote process injections using pool party techniques☆70Jun 29, 2025Updated 8 months ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 4 months ago
- ☆26Aug 11, 2025Updated 7 months ago
- FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi…☆407Sep 26, 2024Updated last year
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Jan 25, 2025Updated last year
- bring your own clean ntdll (or other MS dlls)☆29Jul 14, 2025Updated 8 months ago
- BOF with Synthetic Stackframe☆233Oct 30, 2025Updated 4 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆31Jan 30, 2025Updated last year
- Mythic C2 Agent written in x64 PIC C☆84Jan 29, 2025Updated last year
- ☆18Aug 8, 2024Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 10 months ago
- A COFF Loader written in Rust☆140Dec 1, 2025Updated 3 months ago
- Use Rust to implement some Red Team techniques :)☆13Nov 11, 2024Updated last year
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post☆239Nov 7, 2024Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- Bypass LSA protection using the BYODLL technique☆172Sep 21, 2024Updated last year
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 8 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆151Apr 18, 2025Updated 11 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆326Apr 12, 2024Updated last year
- Mentally ill EtwTi parser☆69Jan 11, 2026Updated 2 months ago
- ☆33Jan 23, 2025Updated last year
- A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and sta…☆122Updated this week
- Reverse SOCKS5 Proxy Written in Rust☆28Mar 9, 2021Updated 5 years ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆200Dec 30, 2025Updated 2 months ago
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- ☆128Dec 12, 2025Updated 3 months ago
- A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.☆67Feb 11, 2025Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- A proof-of-concept to demonstrate randomized execution paths and their impact on call stack signatures — ideal for EDR testing, behavior-…☆24Jan 17, 2026Updated 2 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆374Apr 19, 2023Updated 2 years ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- ☆55May 31, 2025Updated 9 months ago
- Bypass user-land hooks by syscall tampering via the Trap Flag☆139Aug 25, 2025Updated 6 months ago