Extract C2 Traffic
☆253 · Nov 25, 2024 · Updated last year
Alternatives and similar repositories for C2-Hunter
Users that are interested in C2-Hunter are comparing it to the libraries listed below
- MacroExploit use in Excel sheet · ☆20 · Jun 12, 2023 · Updated 2 years ago
- A C# Command & Control framework · ☆1,026 · Mar 28, 2024 · Updated last year
- Bypass Malware Sandbox Evasion Ram check · ☆141 · Jan 3, 2023 · Updated 3 years ago
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes · ☆1,044 · Jun 20, 2023 · Updated 2 years ago
- Generate an obfuscated DLL that will disable AMSI & ETW · ☆331 · Jul 15, 2024 · Updated last year
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance. · ☆282 · Feb 24, 2025 · Updated last year
- Loading Remote AES Encrypted PE in memory, Decrypted it and run it · ☆1,023 · Aug 29, 2023 · Updated 2 years ago
- kill anti-malware protected processes (BYOVD) · ☆968 · Jul 21, 2023 · Updated 2 years ago
- A dynamic unpacking tool · ☆149 · Sep 17, 2023 · Updated 2 years ago
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode. · ☆139 · Jul 10, 2025 · Updated 8 months ago
- ETW based POC to identify direct and indirect syscalls · ☆189 · Apr 19, 2023 · Updated 2 years ago
- Kernel Mode Driver for Elevating Process Privileges · ☆132 · Mar 23, 2023 · Updated 2 years ago
- Now You See Me, Now You Don't · ☆1,028 · Jan 23, 2026 · Updated last month
- Spartacus DLL/COM Hijacking Toolkit · ☆1,083 · Feb 1, 2024 · Updated 2 years ago
- APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset to detect APT movements hidden in the … · ☆1,405 · Nov 7, 2024 · Updated last year
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni… · ☆1,372 · Oct 27, 2023 · Updated 2 years ago
- This repo contains: simple shellcode Loader, Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp… · ☆440 · Aug 2, 2023 · Updated 2 years ago
- Our Friendly Gmail will act as Server and implant will exfiltrate data via SMTP and will read commands from C2 (Gmail) via IMAP protocol · ☆264 · Sep 26, 2025 · Updated 5 months ago
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. · ☆680 · Nov 9, 2023 · Updated 2 years ago
- Encrypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap · ☆246 · Aug 2, 2023 · Updated 2 years ago
- HVNC for Cobalt Strike · ☆1,304 · Dec 7, 2023 · Updated 2 years ago
- Winsocket for Cobalt Strike. · ☆104 · Jul 6, 2023 · Updated 2 years ago
- it is very good · ☆515 · Dec 20, 2022 · Updated 3 years ago
- pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory · ☆334 · Jun 22, 2024 · Updated last year
- A suite of tools to disrupt campaigns using the Sliver C2 framework. · ☆282 · Aug 5, 2023 · Updated 2 years ago
- Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs · ☆1,229 · Aug 18, 2023 · Updated 2 years ago
- Windows x64 kernel mode rootkit process hollowing POC. · ☆190 · Jun 30, 2023 · Updated 2 years ago
- A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes. It utilizes a low-level keyboard input hook, allowing i… · ☆398 · Aug 2, 2023 · Updated 2 years ago
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls. · ☆327 · Jan 31, 2023 · Updated 3 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine · ☆84 · Jan 6, 2023 · Updated 3 years ago
- Brute Ratel LDAP filtering and sorting tool. Easily take BR log output and pull hostnames for ease of use with other red team tooling. Su… · ☆38 · Nov 16, 2023 · Updated 2 years ago
- Go shellcode loader that combines multiple evasion techniques · ☆388 · Jun 21, 2023 · Updated 2 years ago
- PoCs and tools for investigation of Windows process execution techniques · ☆954 · Feb 2, 2026 · Updated last month
- EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offer… · ☆374 · Apr 6, 2024 · Updated last year
- Cobalt Strike UDRL for memory scanner evasion. · ☆1,008 · Jun 4, 2024 · Updated last year
- Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions. · ☆2,280 · Feb 15, 2026 · Updated last month
- abusing Process Hacker driver to terminate other processes (BYOVD) · ☆82 · May 23, 2023 · Updated 2 years ago
- A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems. · ☆90 · Nov 9, 2023 · Updated 2 years ago
- Bypass Malware Time Delays · ☆107 · Sep 23, 2022 · Updated 3 years ago