Alternatives and similar repositories for C2-framework:

Users that are interested in C2-framework are comparing it to the libraries listed below

• CyberSecurityUP / ProcessKiller-BYOVD
  BYOVD Technique Example using viragt64 driver
  ☆35Updated 8 months ago
• TimMisiak / RunWithDll
  A utility that can be used to launch an executable with a DLL injected
  ☆18Updated last year
• zer1t0 / keydump
  Dump Linux keyrings
  ☆17Updated 8 months ago
• cocomelonc / hack-process-hacker2
  Proof of Concept example for abusing Process Hacker 2 (v2.39.124)
  ☆21Updated 5 months ago
• 0xTriboulet / T-1
  T-1 is a shellcode loader that leverages ML techniques to detect VM environments
  ☆25Updated 5 months ago
• EvilBytecode / SsnRetrieval
  Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…
  ☆11Updated 7 months ago
• Quack2332 / Simple-C-Implant
  ☆11Updated 7 months ago
• OtterHacker / CoffLoader
  ☆52Updated 2 years ago
• susMdT / clr-thing
  rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.
  ☆16Updated last year
• 7eRoM / tutorials
  ☆15Updated last month
• kargisimos / dolus
  x86_64 LKM linux rootkit
  ☆16Updated last year
• watchtowrlabs / CVE-2025-0282
  Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282)
  ☆22Updated 2 months ago
• iDigitalFlame / XrMT
  e(X)tensiable (Rust) Malware Toolkit: (Soon!) Full Featured Rust C2 Framework with Awesome Features!
  ☆23Updated 7 months ago
• Pwnd4 / DefenseEvasion
  Bypassing AV, EDR, Application Whitelisting and ASR Rules
  ☆11Updated last year
• zimnyaa / beepsyscall
  An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.
  ☆12Updated last year
• yutianqaq / Anti-Sandbox-Go
  Some anti-sandbox techniques implemented in Golang.
  ☆10Updated last year
• lem0nSec / SkeletonKey
  Reproducing the SkeletonKey malware.
  ☆11Updated 11 months ago
• Mazzy-Stars / lain_c2
  command control framework
  ☆20Updated this week
• smokeme / ProxyNotShell
  ☆18Updated 2 years ago
• Kharos102 / ReadWriteDriverSample
  ☆21Updated 11 months ago
• itaymigdal / some-scripts
  Some Cyber Security related scripts
  ☆18Updated last year
• rbmm / PPL
  run process as PPL Antimalware
  ☆10Updated last year
• atabetnouhaila / API-hashing
  ☆18Updated 5 months ago
• Teach2Breach / snapinject_rs
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆45Updated 2 months ago
• Faran-17 / EarlyBird-APC-Injection
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆30Updated last year
• EvilBytecode / PPID-Spoofing
  Parent Process ID Spoofing, coded in CGo.
  ☆22Updated 9 months ago
• tykawaii98 / CVE-2024-21338_PoC
  ☆39Updated 9 months ago
• Azr43lKn1ght / Rust-ProcHollow
  Process Hollowing in Rust with Process Executable Relocation Support for both 32 and 64 bit architecture environments.
  ☆16Updated 2 months ago
• Cracked5pider / unguard-eat
  havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets
  ☆26Updated 7 months ago
• affix / rusty-hollow
  Unix Process hollowing in rust
  ☆21Updated 3 months ago