dmcxblue/WSL-Payloads external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

dmcxblue/WSL-Payloads

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/dmcxblue/WSL-Payloads)

Close

dmcxblue / WSL-PayloadsView on GitHubMore

• External links
• Readme badge

A small How-To on creating your own weaponized WSL file

☆122Jul 23, 2025Updated 7 months ago

Alternatives and similar repositories for WSL-Payloads

Users that are interested in WSL-Payloads are comparing it to the libraries listed below

• Thunter-HackTeam / EvilentCoerce

  View on GitHub
  ☆160May 5, 2025Updated 10 months ago
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 7 months ago
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆138Aug 25, 2025Updated 6 months ago
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆165Oct 5, 2024Updated last year
• 0xTriboulet / ai-postex

  View on GitHub
  Proof-of-concept implementation of AI-enabled postex DLLs
  ☆54Sep 10, 2025Updated 5 months ago
• hoodoer / DragonHash

  View on GitHub
  Demo code JavaScript POC that tricks user into sending Windows hash to responder
  ☆37Dec 12, 2025Updated 2 months ago
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆74Sep 9, 2025Updated 5 months ago
• rxOred / process-hollowing

  View on GitHub
  process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
  ☆31Jan 9, 2022Updated 4 years ago
• sagiol / Terms-of-What

  View on GitHub
  Terms of Use Conditional Access M365 Evilginx Phishlet
  ☆44Jun 23, 2025Updated 8 months ago
• caueb / ThreadlessStompingKann

  View on GitHub
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆79Dec 23, 2023Updated 2 years ago
• ibaiC / FriendlyFireBOF

  View on GitHub
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆57Apr 14, 2025Updated 10 months ago
• mez-0 / citadel

  View on GitHub
  A Payload Analysis Framework
  ☆117Oct 9, 2025Updated 4 months ago
• chryzsh / awesome-bof

  View on GitHub
  🧠 The ultimate resource for finding Beacon Object Files (BOFs).
  ☆106Feb 25, 2026Updated last week
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆38Aug 5, 2025Updated 7 months ago
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆186Jan 17, 2026Updated last month
• amberchalia / fraction_loader

  View on GitHub
  ☆48Oct 14, 2025Updated 4 months ago
• alienkeric / VisualStudio-RCE-EvilSln

  View on GitHub
  A New Exploitation Technique for Visual Studio Projects
  ☆11Nov 5, 2023Updated 2 years ago
• dmcxblue / PyObscura

  View on GitHub
  A python script that automates a C2 Profile build
  ☆48Dec 14, 2025Updated 2 months ago
• EricEsquivel / Inline-EA

  View on GitHub
  Cobalt Strike BOF for evasive .NET assembly execution
  ☆308Mar 31, 2025Updated 11 months ago
• rvrsh3ll / Bolthole

  View on GitHub
  Dig your way out of networks like a Meerkat using SSH tunnels via ClickOnce.
  ☆275May 2, 2025Updated 10 months ago
• rtecCyberSec / BitlockMove

  View on GitHub
  Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
  ☆436Jun 27, 2025Updated 8 months ago
• dr4ndrei / OHFFLdr

  View on GitHub
  One-header configurable C++20 COFF loader
  ☆21Jul 21, 2025Updated 7 months ago
• m4ul3r / malware

  View on GitHub
  malware written for educational purposes
  ☆71Dec 31, 2025Updated 2 months ago
• praetorian-inc / oauthseeker

  View on GitHub
  A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office3…
  ☆168Jul 31, 2025Updated 7 months ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• AlmondOffSec / DCOMRunAs

  View on GitHub
  Lateral movement with DCOM DLL hijacking
  ☆177Jul 4, 2025Updated 8 months ago
• g0h4n / dende-rs

  View on GitHub
  Monitoring tool to detect patterns or IOCs (strings, regex, VirusTotal) and alert you and your team via console, Telegram or SMS written …
  ☆18Feb 17, 2026Updated 2 weeks ago
• phishingclub / session-sushi

  View on GitHub
  Zero dependency browser extension for handling import of cookies, Microsoft 365 OAuth tokens, and Graph API interactions.
  ☆23Feb 26, 2026Updated last week
• nbuzydeb / sincon24_modern_redteam

  View on GitHub
  This is the Git repository for the Modern Red Teaming workshop given at SINCON2024.
  ☆12May 23, 2024Updated last year
• Fudgedotdotdot / nimpersonate

  View on GitHub
  Impersonate Windows tokens in Nim
  ☆23Aug 4, 2025Updated 7 months ago
• MythicAgents / Kharon-Mtc

  View on GitHub
  C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…
  ☆199Dec 30, 2025Updated 2 months ago
• 0xRedpoll / ludus_cobaltstrike_teamserver

  View on GitHub
  Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers
  ☆18Mar 19, 2025Updated 11 months ago
• kapellos / LNKSmuggler

  View on GitHub
  A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.
  ☆92Jan 8, 2025Updated last year
• Tylous / FaceDancer

  View on GitHub
  FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi…
  ☆403Sep 26, 2024Updated last year
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆59Mar 17, 2025Updated 11 months ago
• HackingLZ / saas_enum

  View on GitHub
  Command-line tool for discovering SaaS platforms a company uses via DNS enumeration
  ☆38Jul 23, 2025Updated 7 months ago
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆152Mar 25, 2025Updated 11 months ago