caueb/ThreadlessStompingKann external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

caueb/ThreadlessStompingKann

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/caueb/ThreadlessStompingKann)

Close

caueb / ThreadlessStompingKannView on GitHubMore

• External links
• Readme badge

Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.

☆78Dec 23, 2023Updated 2 years ago

Alternatives and similar repositories for ThreadlessStompingKann

Users that are interested in ThreadlessStompingKann are comparing it to the libraries listed below

• ZERODETECTION / Havoc_Demon_API_Hashing

  View on GitHub
  Rehashing APIs to prevent hash based detection
  ☆14Jan 7, 2025Updated last year
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆59Mar 17, 2025Updated last year
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• hdks-bug / redteam-techniques

  View on GitHub
  Collection of red team techniques.
  ☆69Apr 25, 2025Updated 10 months ago
• kr0tt / EarlyExceptionHandling

  View on GitHub
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆140Aug 31, 2025Updated 6 months ago
• dis0rder0x00 / ParentProcessManipulation-LNK

  View on GitHub
  Using LNK files and user input simulation to start processes under explorer.exe
  ☆34Sep 21, 2024Updated last year
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆309Feb 13, 2023Updated 3 years ago
• CognisysGroup / SweetDreams

  View on GitHub
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆225Jul 25, 2023Updated 2 years ago
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆105Feb 25, 2025Updated last year
• ioncodes / SilentLoad

  View on GitHub
  "Service-less" driver loading
  ☆184Nov 28, 2024Updated last year
• 0xRedpoll / SignalKeyBOF

  View on GitHub
  BOF to decrypt Signal Desktop chat logs
  ☆70Feb 20, 2025Updated last year
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆139Apr 6, 2025Updated 11 months ago
• susMdT / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆52Dec 4, 2023Updated 2 years ago
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆326Apr 12, 2024Updated last year
• oldboy21 / SWAPPALA

  View on GitHub
  In-memory hiding technique
  ☆63Jan 5, 2025Updated last year
• eversinc33 / BouncyGate

  View on GitHub
  Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).
  ☆185Feb 12, 2023Updated 3 years ago
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆438Dec 21, 2023Updated 2 years ago
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆124Jan 17, 2026Updated 2 months ago
• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆267Oct 16, 2024Updated last year
• silentwarble / Hannibal

  View on GitHub
  Mythic C2 Agent written in x64 PIC C
  ☆84Jan 29, 2025Updated last year
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆787Jan 26, 2026Updated last month
• Teach2Breach / hollow_rs

  View on GitHub
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆31Feb 7, 2025Updated last year
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆605Apr 19, 2023Updated 2 years ago
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆301Jul 31, 2024Updated last year
• hasherezade / waiting_thread_hijacking

  View on GitHub
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆264Aug 31, 2025Updated 6 months ago
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆139Aug 25, 2025Updated 6 months ago
• kleiton0x00 / RtlHijack

  View on GitHub
  Alternative Read and Write primitives using Rtl* functions the unintended way.
  ☆79Aug 25, 2025Updated 6 months ago
• MalwareTech / EDRception

  View on GitHub
  A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
  ☆204Dec 27, 2023Updated 2 years ago
• securifybv / BOFRyptor

  View on GitHub
  ☆123Oct 9, 2023Updated 2 years ago
• itaymigdal / PartyLoader

  View on GitHub
  Threadless shellcode injection tool
  ☆68Aug 5, 2024Updated last year
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆268Apr 8, 2025Updated 11 months ago
• tijme / relocatable

  View on GitHub
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆117Jan 20, 2025Updated last year
• aancw / DllProxy-rs

  View on GitHub
  Rust Implementation of SharpDllProxy for DLL Proxying Technique
  ☆29Oct 27, 2022Updated 3 years ago
• rad9800 / FileRenameJunctionsEDRDisable

  View on GitHub
  ☆159Dec 13, 2024Updated last year
• zimnyaa / LEOPARDSEAL

  View on GitHub
  A simple Linux in-memory .so loader
  ☆33Mar 29, 2023Updated 2 years ago
• nbaertsch / AutoAppDomainHijack

  View on GitHub
  Automated .NET AppDomain hijack payload generation
  ☆129Feb 4, 2025Updated last year
• iilegacyyii / ThreadlessInject-BOF

  View on GitHub
  BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
  ☆395Jan 9, 2024Updated 2 years ago
• vxCrypt0r / AMSI_VEH

  View on GitHub
  A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
  ☆169May 30, 2024Updated last year
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆239Nov 7, 2024Updated last year