fern89/C2 external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

fern89/C2

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/fern89/C2)

Close

fern89 / C2View on GitHubMore

• External links
• Readme badge

A basic C2 framework written in C

☆59Jul 7, 2024Updated last year

Alternatives and similar repositories for C2

Users that are interested in C2 are comparing it to the libraries listed below

• fern89 / ghostwriting-2

  View on GitHub
  A process injection technique using only thread context manipulation
  ☆41Dec 18, 2023Updated 2 years ago
• fern89 / runpe-x64

  View on GitHub
  RunPE adapted for x64 and written in C, does not use RWX
  ☆28May 18, 2024Updated last year
• delivr-to / MailCollector

  View on GitHub
  A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM
  ☆20Jul 19, 2025Updated 8 months ago
• passthehashbrowns / Being-A-Good-CLR-Host

  View on GitHub
  ☆87Jan 21, 2025Updated last year
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆926Jul 20, 2024Updated last year
• nbaertsch / nimHeapEnc

  View on GitHub
  Heap encryption in Nim
  ☆20Aug 25, 2024Updated last year
• internetangel / OffensiveD

  View on GitHub
  Utilizing DLang For Offensive Operations.
  ☆14May 29, 2025Updated 9 months ago
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆105Feb 25, 2025Updated last year
• Faisal-P27 / WAREED-DNS-C2

  View on GitHub
  ☆126Mar 23, 2025Updated 11 months ago
• CICADA8-Research / COMThanasia

  View on GitHub
  A set of programs for analyzing common vulnerabilities in COM
  ☆249Sep 8, 2024Updated last year
• Paradoxis / ADSyncDump-BOF

  View on GitHub
  The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie…
  ☆174Sep 3, 2025Updated 6 months ago
• 0xv1n / RemoteSessionEnum

  View on GitHub
  Remotely Enumerate sessions using undocumented Windows Station APIs
  ☆117Aug 21, 2024Updated last year
• frkngksl / NimicStack

  View on GitHub
  NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs
  ☆94Aug 1, 2022Updated 3 years ago
• S3cur3Th1sSh1t / nim-strenc

  View on GitHub
  string encryption in Nim
  ☆19Jun 15, 2024Updated last year
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆460Aug 2, 2024Updated last year
• WKL-Sec / FuncAddressPro

  View on GitHub
  A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
  ☆72Mar 6, 2024Updated 2 years ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• ChoiSG / SharpSilentChrome

  View on GitHub
  SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Prefe…
  ☆191Aug 6, 2025Updated 7 months ago
• naksyn / DojoLoader

  View on GitHub
  Generic PE loader for fast prototyping evasion techniques
  ☆245Jul 2, 2024Updated last year
• hdks-bug / redteam-techniques

  View on GitHub
  Collection of red team techniques.
  ☆69Apr 25, 2025Updated 10 months ago
• fin3ss3g0d / StoneKeeper

  View on GitHub
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆209Dec 25, 2024Updated last year
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆407Sep 6, 2024Updated last year
• rtecCyberSec / Packer_Development

  View on GitHub
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆284Jun 15, 2024Updated last year
• itaymigdal / NimProtect

  View on GitHub
  A tiny macro library for protecting sensitive strings in compiled binaries
  ☆40Oct 8, 2024Updated last year
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆95Dec 24, 2024Updated last year
• Haunted-Banshee / ErebusGate

  View on GitHub
  ErebusGate for Nim Bypass AV/EDR
  ☆161Nov 7, 2022Updated 3 years ago
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆227Dec 3, 2025Updated 3 months ago
• huoji120 / APT_Step_Bear_Inject

  View on GitHub
  复现《EDR的梦魇：Storm-0978使用新型内核注入技术“Step Bear”》
  ☆161Oct 27, 2024Updated last year
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆683Oct 23, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆542Feb 13, 2024Updated 2 years ago
• SaadAhla / D1rkSleep

  View on GitHub
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆125Feb 13, 2023Updated 3 years ago
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆719Jul 19, 2023Updated 2 years ago
• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆170May 17, 2023Updated 2 years ago
• trickster0 / LdrLoadDll-Unhooking

  View on GitHub
  LdrLoadDll Unhooking
  ☆135Jan 16, 2022Updated 4 years ago
• rasta-mouse / OST-C2-Spec

  View on GitHub
  Open Source C&C Specification
  ☆278Feb 28, 2025Updated last year
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆195Nov 27, 2024Updated last year
• klezVirus / RpcProxyInvoke

  View on GitHub
  Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
  ☆137Aug 10, 2024Updated last year
• badboycxcc / Plugx

  View on GitHub
  Plugx 开源情报集合
  ☆23Dec 10, 2024Updated last year