Arsenal of modules to beacon postex
☆100Mar 13, 2026Updated last month
Alternatives and similar repositories for PostEx-Arsenal
Users that are interested in PostEx-Arsenal are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆40Aug 5, 2025Updated 8 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆203Dec 30, 2025Updated 3 months ago
- Random BOFs for LDAP tradecraft☆74Sep 9, 2025Updated 7 months ago
- UDC2 implementation that provides an ICMP C2 channel☆120Nov 24, 2025Updated 4 months ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 7 months ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆20Jul 8, 2022Updated 3 years ago
- Reports on Driver, LSASS and other security services mitigations☆34Aug 18, 2025Updated 7 months ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆129Jan 28, 2026Updated 2 months ago
- A reflective DLL development template for the Rust programming language☆119Nov 4, 2025Updated 5 months ago
- Help red teams find opsec processes during engagements☆43Dec 7, 2024Updated last year
- An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.☆120Oct 6, 2025Updated 6 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆150Apr 18, 2025Updated 11 months ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆73Nov 11, 2025Updated 5 months ago
- Commandline spoofing on Windows☆101Nov 25, 2025Updated 4 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Crystal Palace RDLL loader for Adaptix C2 with Ekko sleep obfuscation, IAT hooking via PICO, and per-section permission restoration☆110Mar 24, 2026Updated 3 weeks ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 11 months ago
- SOCKS5 proxy tool that uses Azure Storage services as a means of communication.☆345Mar 21, 2026Updated 3 weeks ago
- ForsHops☆59Mar 25, 2025Updated last year
- Enable EFS service as low priv user (PE & BOF)☆21Jul 6, 2025Updated 9 months ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆32Sep 24, 2025Updated 6 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆136Aug 31, 2025Updated 7 months ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption☆215Dec 17, 2025Updated 3 months ago
- Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulati…☆96Oct 17, 2025Updated 5 months ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Advanced Windows authentication token extraction and decryption tool for red team operations and security research☆93Apr 1, 2026Updated last week
- ☆47Dec 28, 2025Updated 3 months ago
- A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.☆115Mar 30, 2026Updated 2 weeks ago
- An example reference design for a proposed BOF PE☆205Jan 23, 2026Updated 2 months ago
- remote process injections using pool party techniques☆71Jun 29, 2025Updated 9 months ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆17Jan 6, 2024Updated 2 years ago
- ☆55May 31, 2025Updated 10 months ago
- ☆128Jan 23, 2025Updated last year
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features☆204Apr 21, 2025Updated 11 months ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated last year
- Python alternative to Mimikatz lsadump::dcshadow☆161Jun 24, 2025Updated 9 months ago
- Load and execute a common object file format (COFF) in the current process☆30Mar 9, 2024Updated 2 years ago
- Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.☆212Jan 6, 2026Updated 3 months ago
- find dll base addresses without PEB WALK☆162Jul 13, 2025Updated 9 months ago
- One-header configurable C++20 COFF loader☆19Jul 21, 2025Updated 8 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆94Jan 2, 2026Updated 3 months ago