WithSecureLabs/TickTock external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

WithSecureLabs/TickTock

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/WithSecureLabs/TickTock)

Close

WithSecureLabs / TickTockView on GitHubMore

• External links
• Readme badge

☆113Oct 10, 2022Updated 3 years ago

Alternatives and similar repositories for TickTock

Users that are interested in TickTock are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• joe-desimone / patriot

  View on GitHub
  ☆157Jul 31, 2022Updated 3 years ago
• rad9800 / WTSRM

  View on GitHub
  WTSRM
  ☆215Aug 7, 2022Updated 3 years ago
• rad9800 / hwbp4mw

  View on GitHub
  ☆277Jan 14, 2023Updated 3 years ago
• Crypt0s / Ekko_CFG_Bypass

  View on GitHub
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆115Aug 29, 2022Updated 3 years ago
• rad9800 / VehApiResolve

  View on GitHub
  ☆119Aug 7, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆378May 24, 2022Updated 3 years ago
• rad9800 / BloatedHammer

  View on GitHub
  API Hammering with C++20
  ☆51Jul 21, 2022Updated 3 years ago
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆533Aug 1, 2022Updated 3 years ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆620Sep 26, 2023Updated 2 years ago
• zimnyaa / PhaseDive

  View on GitHub
  Sleep Obfuscation
  ☆45Oct 13, 2022Updated 3 years ago
• pathtofile / SealighterTI

  View on GitHub
  Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
  ☆198Dec 6, 2022Updated 3 years ago
• alal4465 / HeavensGateHook

  View on GitHub
  Hooking Heavens Gate in a weekend
  ☆13Jan 1, 2022Updated 4 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆221Nov 5, 2021Updated 4 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆279Jan 23, 2025Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• CCob / ProvisionAppx

  View on GitHub
  ☆39Oct 12, 2022Updated 3 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆251Jul 9, 2024Updated last year
• aaaddress1 / knownDlls_Poison

  View on GitHub
  ☆26Dec 29, 2021Updated 4 years ago
• Cracked5pider / CodeCave

  View on GitHub
  A bunch of scripts and code i wrote.
  ☆149Nov 7, 2024Updated last year
• thefLink / Hunt-Weird-ImageLoads

  View on GitHub
  Small tool to play with IOCs caused by Imageload events
  ☆44May 14, 2023Updated 2 years ago
• waldo-irc / YouMayPasser

  View on GitHub
  You shall pass
  ☆270Jul 16, 2022Updated 3 years ago
• gabriellandau / ShadowStackWalk

  View on GitHub
  Finding Truth in the Shadows
  ☆126Jan 26, 2023Updated 3 years ago
• Cracked5pider / Ekko

  View on GitHub
  Sleep Obfuscation
  ☆824Dec 3, 2023Updated 2 years ago
• SaadAhla / D1rkSleep

  View on GitHub
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆125Feb 13, 2023Updated 3 years ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• soufianetahiri / CitrixSecureAccessAuthCookieDump

  View on GitHub
  Dump Citrix Secure Access auth cookie from the process memory
  ☆76Jun 24, 2022Updated 3 years ago
• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆173May 17, 2023Updated 2 years ago
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆148Feb 11, 2023Updated 3 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆267Nov 18, 2022Updated 3 years ago
• WithSecureLabs / CallStackSpoofer

  View on GitHub
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆563Apr 8, 2025Updated last year
• NUL0x4C / KnownDllUnhook

  View on GitHub
  Replace the .txt section of the current loaded modules from \KnownDlls\
  ☆304Sep 28, 2022Updated 3 years ago
• nccgroup / DetectWindowsCopyOnWriteForAPI

  View on GitHub
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆201Jan 13, 2022Updated 4 years ago
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆310Feb 13, 2023Updated 3 years ago
• eversinc33 / BouncyGate

  View on GitHub
  Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).
  ☆185Feb 12, 2023Updated 3 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• CodeXTF2 / HavocNotion

  View on GitHub
  A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …
  ☆92Oct 10, 2022Updated 3 years ago
• Allevon412 / BreadManModuleStomping

  View on GitHub
  ☆44Oct 16, 2023Updated 2 years ago
• waldo-irc / MalMemDetect

  View on GitHub
  Detect strange memory regions and DLLs
  ☆191Jan 20, 2022Updated 4 years ago
• deepinstinct / AMSI-Unchained

  View on GitHub
  Unchain AMSI by patching the provider’s unmonitored memory space
  ☆91Nov 24, 2022Updated 3 years ago
• xpn / WAMBam

  View on GitHub
  Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
  ☆131Jan 14, 2023Updated 3 years ago
• boku7 / halosgate-ps

  View on GitHub
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆107Mar 8, 2023Updated 3 years ago
• Yaxser / COFFLoader2

  View on GitHub
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆225Sep 13, 2022Updated 3 years ago