benheise / TitanLdrView external linksLinks
Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
☆70Sep 6, 2021Updated 4 years ago
Alternatives and similar repositories for TitanLdr
Users that are interested in TitanLdr are comparing it to the libraries listed below
Sorting:
- Six cases demonstrating methods of optimizing GetProcAddress☆18Jan 3, 2022Updated 4 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 2 years ago
- ollvm, based on llvm-clang 5.0.2, 6.0.1, 7.0.1, 8.0, 9.0, 9.0.1☆19Apr 4, 2022Updated 3 years ago
- Example of using Sleep to create better named pipes.☆41Jul 25, 2023Updated 2 years ago
- ☆75Feb 4, 2024Updated 2 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- ☆129Jun 28, 2023Updated 2 years ago
- TypeLib persistence technique☆139Oct 22, 2024Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,004Jun 4, 2024Updated last year
- idk man this was the default github name☆35Apr 23, 2023Updated 2 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆24Mar 13, 2023Updated 2 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆125Feb 13, 2023Updated 3 years ago
- ☆11Feb 12, 2023Updated 3 years ago
- arm64 linux position-independent shellcode framework☆29Dec 12, 2025Updated 2 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆138Sep 12, 2022Updated 3 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆108Mar 8, 2023Updated 2 years ago
- A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system☆40Oct 30, 2024Updated last year
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆152Jul 20, 2022Updated 3 years ago
- ☆74Jun 17, 2025Updated 7 months ago
- Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…☆323Aug 2, 2023Updated 2 years ago
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆35Mar 28, 2023Updated 2 years ago
- BOF with Synthetic Stackframe☆220Oct 30, 2025Updated 3 months ago
- Modifies machine.config for persistence after installing signed .net assembly onto GAC☆13Mar 17, 2022Updated 3 years ago
- Implementation of ITaskHandler in C++☆14Feb 11, 2023Updated 3 years ago
- A simple BOF that disables some logging with NtSetInformationProcess☆13Oct 13, 2023Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer☆17Mar 4, 2023Updated 2 years ago
- ☆17Jun 10, 2025Updated 8 months ago
- ☆42Feb 18, 2025Updated 11 months ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆102Jan 7, 2022Updated 4 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆158Nov 7, 2023Updated 2 years ago
- Kernel Mode Driver for Elevating Process Privileges☆134Mar 23, 2023Updated 2 years ago
- bring your own clean ntdll (or other MS dlls)☆28Jul 14, 2025Updated 7 months ago
- Select any exported function in a dll as the new dll's entry point.☆82Oct 25, 2024Updated last year
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆53May 21, 2020Updated 5 years ago
- malleable profile generator GUI for Havoc☆55Apr 28, 2023Updated 2 years ago
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆156Mar 26, 2025Updated 10 months ago
- Sleep Obfuscation☆45Oct 13, 2022Updated 3 years ago
- Detect WFP filters blocking EDR communications☆96Jan 5, 2024Updated 2 years ago