Arsenal of modules to beacon postex
☆97 | Mar 13, 2026 | Updated last week
Alternatives and similar repositories for PostEx-Arsenal
Users that are interested in PostEx-Arsenal are comparing it to the libraries listed below.
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. ☆38 | Aug 5, 2025 | Updated 7 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral movements, p… ☆201 | Dec 30, 2025 | Updated 2 months ago
- Random BOFs for LDAP tradecraft ☆74 | Sep 9, 2025 | Updated 6 months ago
- UDC2 implementation that provides an ICMP C2 channel ☆118 | Nov 24, 2025 | Updated 4 months ago
- BOF to terminate a process via PID as argument ☆28 | Sep 7, 2025 | Updated 6 months ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0. ☆20 | Jul 8, 2022 | Updated 3 years ago
- Reports on Driver, LSASS and other security services mitigations ☆34 | Aug 18, 2025 | Updated 7 months ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory. ☆129 | Jan 28, 2026 | Updated last month
- A reflective DLL development template for the Rust programming language ☆116 | Nov 4, 2025 | Updated 4 months ago
- Help red teams find opsec processes during engagements ☆42 | Dec 7, 2024 | Updated last year
- An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework. ☆119 | Oct 6, 2025 | Updated 5 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll ☆151 | Apr 18, 2025 | Updated 11 months ago
- Dynamically resolve API function addresses at runtime in a secure manner. ☆73 | Nov 11, 2025 | Updated 4 months ago
- Commandline spoofing on Windows ☆95 | Nov 25, 2025 | Updated 3 months ago
- SOCKS5 proxy tool that uses Azure Storage services as a means of communication. ☆330 | Updated this week
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials ☆54 | May 12, 2025 | Updated 10 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH ☆140 | Aug 31, 2025 | Updated 6 months ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption ☆210 | Dec 17, 2025 | Updated 3 months ago
- ForsHops ☆59 | Mar 25, 2025 | Updated 11 months ago
- Enable EFS service as low priv user (PE & BOF) ☆21 | Jul 6, 2025 | Updated 8 months ago
- A small experiment on assigning a process's threads a specific CPU and then blocking it with a high priority thread ☆32 | Sep 24, 2025 | Updated 6 months ago
- Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulati… ☆99 | Oct 17, 2025 | Updated 5 months ago
- Advanced Windows authentication token extraction and decryption tool for red team operations and security research ☆89 | Dec 30, 2025 | Updated 2 months ago
- An example reference design for a proposed BOF PE ☆204 | Jan 23, 2026 | Updated 2 months ago
- remote process injections using pool party techniques ☆70 | Jun 29, 2025 | Updated 8 months ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption. ☆17 | Jan 6, 2024 | Updated 2 years ago
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features ☆200 | Apr 21, 2025 | Updated 11 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing. ☆57 | Apr 14, 2025 | Updated 11 months ago
- Python alternative to Mimikatz lsadump::dcshadow ☆161 | Jun 24, 2025 | Updated 9 months ago
- Load and execute a common object file format (COFF) in the current process ☆32 | Mar 9, 2024 | Updated 2 years ago
- Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems. ☆209 | Jan 6, 2026 | Updated 2 months ago
- One-header configurable C++20 COFF loader ☆21 | Jul 21, 2025 | Updated 8 months ago
- find dll base addresses without PEB WALK ☆162 | Jul 13, 2025 | Updated 8 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal … ☆93 | Jan 2, 2026 | Updated 2 months ago
- Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly. ☆195 | Feb 16, 2026 | Updated last month