Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
☆104Dec 15, 2022Updated 3 years ago
Alternatives and similar repositories for Mangle
Users that are interested in Mangle are comparing it to the libraries listed below
Sorting:
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …☆24Apr 4, 2023Updated 2 years ago
- A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.☆46Feb 27, 2024Updated 2 years ago
- ScareCrow - Payload creation framework designed around EDR bypass.☆359Jul 20, 2023Updated 2 years ago
- A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.☆15Apr 4, 2023Updated 2 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆130May 12, 2023Updated 2 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆63Mar 19, 2024Updated last year
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader☆45Sep 25, 2024Updated last year
- A web assembly (WASM) phishing lure generator based on pre-built templates and written in Rust with some GenAI assistance. W.A.L.K. aims …☆99Sep 5, 2024Updated last year
- Shellcode loader generator with multiples features☆508Dec 31, 2024Updated last year
- Process Hollowing in Rust with Process Executable Relocation Support for both 32 and 64 bit architecture environments.☆22Jan 6, 2025Updated last year
- HTML smuggling is not an evil, it can be useful☆14Jan 28, 2023Updated 3 years ago
- DLL proxying for lazy people☆200Dec 1, 2025Updated 3 months ago
- A BOF that runs unmanaged PEs inline☆681Oct 23, 2024Updated last year
- shellcode loader for your evasion needs☆352Apr 30, 2025Updated 10 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆368Apr 19, 2023Updated 2 years ago
- ☆154Mar 26, 2025Updated 11 months ago
- PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.☆568Jan 20, 2026Updated last month
- FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi…☆400Sep 26, 2024Updated last year
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆614Jan 2, 2025Updated last year
- ☆58Feb 16, 2025Updated last year
- Rust implementation, creating a scheduled task programmatically with user logon trigger.☆47Jun 10, 2025Updated 8 months ago
- ☆83Nov 1, 2023Updated 2 years ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆277Apr 17, 2023Updated 2 years ago
- Cobalt Strike BOF for evasive .NET assembly execution☆308Mar 31, 2025Updated 11 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆298Jul 31, 2024Updated last year
- ☆123Oct 9, 2023Updated 2 years ago
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence☆63Jun 23, 2025Updated 8 months ago
- Shellcode Loader Utilizing ETW Events☆67Feb 26, 2025Updated last year
- Sleep obfuscation☆268Dec 13, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Shellcode reflective DLL injection in Rust☆27Dec 26, 2025Updated 2 months ago
- Retired TrustedSec Capabilities☆248Jan 5, 2026Updated last month
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆675Aug 15, 2025Updated 6 months ago
- Good CLR Host with Native patchless AMSI Bypass☆103Apr 18, 2025Updated 10 months ago
- remote process injections using pool party techniques☆70Jun 29, 2025Updated 8 months ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆384Apr 26, 2025Updated 10 months ago
- Select any exported function in a dll as the new dll's entry point.☆81Oct 25, 2024Updated last year
- A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.☆31Feb 7, 2025Updated last year