caueb/ThreadlessStompingKann external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

caueb/ThreadlessStompingKann

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/caueb/ThreadlessStompingKann)

Close

caueb / ThreadlessStompingKannView on GitHubMore

• External links
• Readme badge

Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.

☆79Dec 23, 2023Updated 2 years ago

Alternatives and similar repositories for ThreadlessStompingKann

Users that are interested in ThreadlessStompingKann are comparing it to the libraries listed below

• itaymigdal / GhostNap

  View on GitHub
  Sleep obfuscation for shellcode implants and their reflective shit
  ☆53Sep 19, 2023Updated 2 years ago
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆59Mar 17, 2025Updated 11 months ago
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• kr0tt / EarlyExceptionHandling

  View on GitHub
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆137Aug 31, 2025Updated 6 months ago
• hdks-bug / redteam-techniques

  View on GitHub
  Collection of red team techniques.
  ☆66Apr 25, 2025Updated 10 months ago
• eversinc33 / BouncyGate

  View on GitHub
  Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).
  ☆186Feb 12, 2023Updated 3 years ago
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆104Feb 25, 2025Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆325Apr 12, 2024Updated last year
• ioncodes / SilentLoad

  View on GitHub
  "Service-less" driver loading
  ☆184Nov 28, 2024Updated last year
• vxCrypt0r / AMSI_VEH

  View on GitHub
  A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
  ☆168May 30, 2024Updated last year
• susMdT / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆52Dec 4, 2023Updated 2 years ago
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆139Aug 25, 2025Updated 6 months ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆776Jan 26, 2026Updated last month
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆308Feb 13, 2023Updated 3 years ago
• oldboy21 / SWAPPALA

  View on GitHub
  In-memory hiding technique
  ☆63Jan 5, 2025Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆433Dec 21, 2023Updated 2 years ago
• ZERODETECTION / Havoc_Demon_API_Hashing

  View on GitHub
  Rehashing APIs to prevent hash based detection
  ☆14Jan 7, 2025Updated last year
• dmcxblue / WSL-Payloads

  View on GitHub
  A small How-To on creating your own weaponized WSL file
  ☆121Jul 23, 2025Updated 7 months ago
• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆261Oct 16, 2024Updated last year
• CognisysGroup / SweetDreams

  View on GitHub
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆225Jul 25, 2023Updated 2 years ago
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆137Apr 6, 2025Updated 10 months ago
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆605Apr 19, 2023Updated 2 years ago
• rad9800 / FileRenameJunctionsEDRDisable

  View on GitHub
  ☆159Dec 13, 2024Updated last year
• dis0rder0x00 / ParentProcessManipulation-LNK

  View on GitHub
  Using LNK files and user input simulation to start processes under explorer.exe
  ☆34Sep 21, 2024Updated last year
• itaymigdal / PartyLoader

  View on GitHub
  Threadless shellcode injection tool
  ☆68Aug 5, 2024Updated last year
• hasherezade / waiting_thread_hijacking

  View on GitHub
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆263Aug 31, 2025Updated 6 months ago
• hlldz / misc

  View on GitHub
  miscellaneous codes
  ☆36Sep 24, 2023Updated 2 years ago
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆266Apr 8, 2025Updated 10 months ago
• racoten / CannonLoader

  View on GitHub
  Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs
  ☆23Jul 11, 2025Updated 7 months ago
• MalwareTech / EDRception

  View on GitHub
  A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
  ☆203Dec 27, 2023Updated 2 years ago
• S3cur3Th1sSh1t / Caro-Kann

  View on GitHub
  Encrypted shellcode Injection to avoid Kernel triggered memory scans
  ☆407Sep 12, 2023Updated 2 years ago
• dobin / RedEdr

  View on GitHub
  Collect Windows telemetry for Maldev
  ☆460Jan 30, 2026Updated last month
• thiagopeixoto / mystique-self-injection

  View on GitHub
  An improvement and a different approach to Mockingjay Self-Injection.
  ☆35May 21, 2024Updated last year
• janoglezcampos / llvm-yx-callobfuscator

  View on GitHub
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆323Jan 17, 2024Updated 2 years ago
• rasta-mouse / CsWhispers

  View on GitHub
  Source generator to add D/Invoke and indirect syscall methods to a C# project.
  ☆190Mar 4, 2024Updated last year
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆297Jul 31, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆281Sep 18, 2024Updated last year
• icyguider / LatLoader

  View on GitHub
  PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
  ☆307Dec 9, 2023Updated 2 years ago
• securifybv / BOFRyptor

  View on GitHub
  ☆123Oct 9, 2023Updated 2 years ago