Tylous / Mangle
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
☆78Updated 2 years ago
Alternatives and similar repositories for Mangle:
Users that are interested in Mangle are comparing it to the libraries listed below
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆108Updated last year
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.☆154Updated last month
- Havoc C2 profile generator☆77Updated 5 months ago
- ☆153Updated 8 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆186Updated 4 months ago
- Adversary Emulation Framework☆98Updated 8 months ago
- A C# port from Invoke-GhostTask☆114Updated last year
- Port of Cobalt Strike's Process Inject Kit☆172Updated 4 months ago
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆136Updated 3 weeks ago
- ☆164Updated 8 months ago
- .NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS☆139Updated 2 months ago
- C or BOF file to extract WebKit master key to decrypt user cookie☆194Updated 11 months ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆224Updated 2 years ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆88Updated 9 months ago
- Lateral Movement☆122Updated last year
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆127Updated 4 months ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆150Updated last year
- TeamServer and Client of Exploration Command and Control Framework☆123Updated 2 weeks ago
- ☆200Updated last year
- Cobalt Strike BOF for evasive .NET assembly execution☆221Updated 3 weeks ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆151Updated 11 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆300Updated 5 months ago
- A Mythic agent for Windows written in C☆117Updated this week
- A fast TCP/UDP tunnel over HTTP☆19Updated 3 months ago
- Patching AmsiOpenSession by forcing an error branching☆145Updated last year
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features☆56Updated this week
- ☆170Updated 5 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆173Updated 2 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆145Updated 11 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆186Updated last year