Stealth dropper executing remote binaries without dropping them on disk .(HTTP3 support, ICMP support, invisible tracks, cross-platform,...)
☆205Jul 2, 2024Updated last year
Alternatives and similar repositories for fileless-xec
Users that are interested in fileless-xec are comparing it to the libraries listed below
Sorting:
- 🔎 Help find Trojan Source vulnerability in code 👀 . Useful for code review in project with multiple collaborators (CI/CD)☆47Dec 6, 2023Updated 2 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique☆337Jan 16, 2022Updated 4 years ago
- Golang binary for data exfiltration with ICMP protocol (+ ICMP bindshell, http over ICMP tunneling, ...)☆166Dec 10, 2021Updated 4 years ago
- PoC for UUID shellcode execution using DInvoke☆155Mar 8, 2021Updated 4 years ago
- Encrypt embedded go files using age.☆49Oct 21, 2021Updated 4 years ago
- Extendable payload obfuscation and delivery framework☆146Nov 4, 2022Updated 3 years ago
- ☆153Jan 6, 2023Updated 3 years ago
- Windows NTLM Authentication Backdoor☆241Jan 15, 2025Updated last year
- Dumping LSASS with a duplicated handle from custom LSA plugin☆204Feb 23, 2022Updated 4 years ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …☆744Aug 18, 2023Updated 2 years ago
- 📡 Ease file sharing during pentest/CTF 🎸☆11Oct 18, 2022Updated 3 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Nov 19, 2022Updated 3 years ago
- PyQT5 app for LOLBAS and GTFOBins☆45May 3, 2022Updated 3 years ago
- ☆540Nov 20, 2021Updated 4 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode☆220Nov 5, 2021Updated 4 years ago
- WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement☆369Dec 24, 2021Updated 4 years ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆1,100Jun 10, 2024Updated last year
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- Collection of beacon BOF written to learn windows and cobaltstrike☆362Feb 24, 2023Updated 3 years ago
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut☆362Sep 8, 2022Updated 3 years ago
- Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t…☆457Oct 25, 2021Updated 4 years ago
- A way to delete a locked file, or current running executable, on disk.☆616Nov 5, 2025Updated 4 months ago
- Self‑healing Gossip Mesh C2 with Assisted Peer Discovery, Modular Post‑Exploitation, and OPSEC‑Focused Transport☆1,691Feb 25, 2026Updated last week
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆595Jul 26, 2021Updated 4 years ago
- Reflectively load PE☆106Aug 4, 2020Updated 5 years ago
- A tool for generating fake code signing certificates or signing real ones☆961Apr 17, 2023Updated 2 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆473Jul 6, 2024Updated last year
- Code Execution & Persistence in NETWORK SERVICE FAX Service☆35Feb 2, 2026Updated last month
- mTLS-Encrypted Back-Connect SOCKS5 Proxy☆479Sep 19, 2023Updated 2 years ago
- A basic emulation of an "RPC Backdoor"☆242Aug 25, 2022Updated 3 years ago
- ScareCrow - Payload creation framework designed around EDR bypass.☆2,874Aug 18, 2023Updated 2 years ago
- LOLBINs that inject a DLL into a given process ID.☆139Nov 21, 2021Updated 4 years ago
- Managed code hooking template.☆134Nov 19, 2021Updated 4 years ago
- Suite of Shellcode Running Utilities☆113Jan 30, 2020Updated 6 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,006Jun 4, 2024Updated last year
- Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.☆115Jun 7, 2021Updated 4 years ago
- Open-Source Shellcode & PE Packer☆2,069Feb 3, 2024Updated 2 years ago
- Execute unmanaged Windows executables in CobaltStrike Beacons☆714Mar 4, 2023Updated 3 years ago