A memory-based evasion technique which makes shellcode invisible from process start to end.
☆16Aug 14, 2023Updated 2 years ago
Alternatives and similar repositories for phantom
Users that are interested in phantom are comparing it to the libraries listed below
Sorting:
- Dll hijack -- just one macro☆12Jul 3, 2023Updated 2 years ago
- Event Tracing for Windows EDR bypass in Rust (usermode)☆39Jun 9, 2024Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- ☆21Feb 22, 2025Updated last year
- 一个普通的BOF用来BypassUAC☆22Apr 6, 2024Updated last year
- A BOF to create a scheduled task using a COM object.☆16Dec 3, 2024Updated last year
- Evasive shellcode loader with indirect syscalls, Thread name-calling allocation, PoolParty injection☆10Feb 26, 2025Updated last year
- dcsync bof☆44Feb 13, 2026Updated 2 weeks ago
- Periodically check hashcat cracking progress and notify of success.☆10Dec 18, 2018Updated 7 years ago
- Some anti-sandbox codes, copy directly to strengthen your own ShellCode☆12Dec 26, 2022Updated 3 years ago
- Enable EFS service as low priv user (PE & BOF)☆21Jul 6, 2025Updated 7 months ago
- Rehashing APIs to prevent hash based detection☆14Jan 7, 2025Updated last year
- Rust implementation, creating a scheduled task programmatically with user logon trigger.☆47Jun 10, 2025Updated 8 months ago
- 免杀绕过某60,过核晶,vt爆6个☆13May 1, 2023Updated 2 years ago
- Cobalt Strike Beacon Object File to to change the user's desktop wallpaper☆17Sep 15, 2023Updated 2 years ago
- use python on windows with full submodule support without installation�☆30Jan 23, 2025Updated last year
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆93Jan 21, 2026Updated last month
- 64-bit, position-independent implant template for Windows in Rust.☆173Nov 28, 2025Updated 3 months ago
- A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.☆17Feb 3, 2025Updated last year
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 5 months ago
- A tool to assist DLL hijacking via the Havoc GUI☆12Jan 9, 2024Updated 2 years ago
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- ☆38Oct 16, 2025Updated 4 months ago
- A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.☆161Oct 31, 2024Updated last year
- Beacon Object File (BOF) Template☆64Feb 6, 2026Updated 3 weeks ago
- BOF for C2 framework☆44Nov 9, 2024Updated last year
- Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulati…☆99Oct 17, 2025Updated 4 months ago
- Terminate AV/EDR leveraging BYOVD attack☆104Mar 21, 2025Updated 11 months ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- A reflective DLL development template for the Rust programming language☆114Nov 4, 2025Updated 3 months ago
- Kernel R&D | SysWhispers & HellsGate Successor, fully modular Indirect & Direct Syscall Framework - EDR/AV/AC Capability Platform☆37Updated this week
- demo unhooking functions in ntdll☆28Jul 15, 2025Updated 7 months ago
- various methods of making API calls☆19Feb 1, 2025Updated last year
- Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust☆86Jun 4, 2024Updated last year
- 个人学习使用,二开DcRAT,主要是增加了功能性插件☆17Jan 26, 2024Updated 2 years ago
- ☆22Jun 21, 2022Updated 3 years ago
- 基于 Agent + Instrumentation + ASM 的 Java 进程内存马检测与清除查杀工具(含 GUI)+CLI命令行操作功能☆39Oct 27, 2025Updated 4 months ago
- The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23☆23Jun 19, 2025Updated 8 months ago
- 10.15免杀绕过defender 360☆19Oct 16, 2023Updated 2 years ago