Extract C2 Traffic
☆253 · Nov 25, 2024 · Updated last year
Alternatives and similar repositories for C2-Hunter
Users that are interested in C2-Hunter are comparing it to the libraries listed below
- MacroExploit use in excel sheet ☆20 · Jun 12, 2023 · Updated 2 years ago
- A C# Command & Control framework ☆1,026 · Mar 28, 2024 · Updated last year
- Generate an obfuscated DLL that will disable AMSI & ETW ☆330 · Jul 15, 2024 · Updated last year
- Bypass Malware Sandbox Evasion Ram check ☆141 · Jan 3, 2023 · Updated 3 years ago
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes ☆1,040 · Jun 20, 2023 · Updated 2 years ago
- kill anti-malware protected processes ( BYOVD ) ☆968 · Jul 21, 2023 · Updated 2 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance. ☆281 · Feb 24, 2025 · Updated last year
- Loading Remote AES Encrypted PE in memory , Decrypted it and run it ☆1,019 · Aug 29, 2023 · Updated 2 years ago
- Kernel Mode Driver for Elevating Process Privileges ☆132 · Mar 23, 2023 · Updated 2 years ago
- Spartacus DLL/COM Hijacking Toolkit ☆1,083 · Feb 1, 2024 · Updated 2 years ago
- ☆189 · Jan 23, 2024 · Updated 2 years ago
- Fully modular persistence framework ☆259 · Apr 10, 2023 · Updated 2 years ago
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode. ☆138 · Jul 10, 2025 · Updated 7 months ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni… ☆1,367 · Oct 27, 2023 · Updated 2 years ago
- Our Friendly Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol ☆264 · Sep 26, 2025 · Updated 5 months ago
- Brute Ratel LDAP filtering and sorting tool. Easily take BR log output and pull hostnames for ease of use with other red team tooling. Su… ☆38 · Nov 16, 2023 · Updated 2 years ago
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. ☆674 · Nov 9, 2023 · Updated 2 years ago
- APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the … ☆1,400 · Nov 7, 2024 · Updated last year
- PoCs and tools for investigation of Windows process execution techniques ☆952 · Feb 2, 2026 · Updated 3 weeks ago
- Winsocket for Cobalt Strike. ☆102 · Jul 6, 2023 · Updated 2 years ago
- A dynamic unpacking tool ☆146 · Sep 17, 2023 · Updated 2 years ago
- pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory ☆332 · Jun 22, 2024 · Updated last year
- A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client a… ☆75 · Jun 27, 2023 · Updated 2 years ago
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls. ☆326 · Jan 31, 2023 · Updated 3 years ago
- This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp… ☆438 · Aug 2, 2023 · Updated 2 years ago
- Go shellcode loader that combines multiple evasion techniques ☆389 · Jun 21, 2023 · Updated 2 years ago
- EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offer… ☆373 · Apr 6, 2024 · Updated last year
- Now You See Me, Now You Don't ☆1,024 · Jan 23, 2026 · Updated last month
- Cobalt Strike UDRL for memory scanner evasion. ☆1,006 · Jun 4, 2024 · Updated last year
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆84 · Jan 6, 2023 · Updated 3 years ago
- Nidhogg is an all-in-one simple to use windows kernel rootkit. ☆2,260 · Feb 15, 2026 · Updated last week
- Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic lo… ☆270 · Jan 18, 2023 · Updated 3 years ago
- it is very good ☆515 · Dec 20, 2022 · Updated 3 years ago
- Golang reverse proxy with CobaltStrike malleable profile validation. ☆109 · Jan 19, 2023 · Updated 3 years ago
- ETW based POC to identify direct and indirect syscalls ☆189 · Apr 19, 2023 · Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆409 · Jan 11, 2026 · Updated last month
- Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs ☆1,230 · Aug 18, 2023 · Updated 2 years ago
- HVNC for Cobalt Strike ☆1,298 · Dec 7, 2023 · Updated 2 years ago
- Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles ☆201 · Jun 25, 2024 · Updated last year