fern89/C2 external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

fern89/C2

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/fern89/C2)

Close

fern89 / C2View on GitHubMore

• External links
• Readme badge

A basic C2 framework written in C

☆60Jul 7, 2024Updated last year

Alternatives and similar repositories for C2

Users that are interested in C2 are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• fern89 / ghostwriting-2

  View on GitHub
  A process injection technique using only thread context manipulation
  ☆42Dec 18, 2023Updated 2 years ago
• fern89 / runpe-x64

  View on GitHub
  RunPE adapted for x64 and written in C, does not use RWX
  ☆28May 18, 2024Updated 2 years ago
• delivr-to / MailCollector

  View on GitHub
  A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM
  ☆20Jul 19, 2025Updated 11 months ago
• passthehashbrowns / Being-A-Good-CLR-Host

  View on GitHub
  ☆104Jan 21, 2025Updated last year
• klezVirus / SilentMoonwalk

  View on GitHub
  PoC Implementation of a fully dynamic call stack spoofer
  ☆967Jul 20, 2024Updated last year
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• nbaertsch / nimHeapEnc

  View on GitHub
  Heap encryption in Nim
  ☆21Aug 25, 2024Updated last year
• internetangel / OffensiveD

  View on GitHub
  Utilizing DLang For Offensive Operations.
  ☆15May 29, 2025Updated last year
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆107Feb 25, 2025Updated last year
• Faisal-P27 / WAREED-DNS-C2

  View on GitHub
  ☆125Mar 23, 2025Updated last year
• CICADA8-Research / COMThanasia

  View on GitHub
  A set of programs for analyzing common vulnerabilities in COM
  ☆262Sep 8, 2024Updated last year
• frkngksl / NimicStack

  View on GitHub
  NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs
  ☆95Apr 4, 2026Updated 2 months ago
• 0xv1n / RemoteSessionEnum

  View on GitHub
  Remotely Enumerate sessions using undocumented Windows Station APIs
  ☆118Aug 21, 2024Updated last year
• S3cur3Th1sSh1t / nim-strenc

  View on GitHub
  string encryption in Nim
  ☆19Jun 15, 2024Updated 2 years ago
• Paradoxis / ADSyncDump-BOF

  View on GitHub
  The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie…
  ☆177Sep 3, 2025Updated 9 months ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆475Aug 2, 2024Updated last year
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆127Sep 1, 2024Updated last year
• WKL-Sec / FuncAddressPro

  View on GitHub
  A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.
  ☆73Mar 6, 2024Updated 2 years ago
• naksyn / DojoLoader

  View on GitHub
  Generic PE loader for fast prototyping evasion techniques
  ☆246Jul 2, 2024Updated last year
• ChoiSG / SharpSilentChrome

  View on GitHub
  SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Prefe…
  ☆198Mar 19, 2026Updated 3 months ago
• hdks-bug / redteam-techniques

  View on GitHub
  Collection of red team techniques.
  ☆71Apr 25, 2025Updated last year
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆407Sep 6, 2024Updated last year
• rtecCyberSec / Packer_Development

  View on GitHub
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆284Jun 15, 2024Updated 2 years ago
• fin3ss3g0d / StoneKeeper

  View on GitHub
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆208Dec 25, 2024Updated last year
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• itaymigdal / NimProtect

  View on GitHub
  A tiny macro library for protecting sensitive strings in compiled binaries
  ☆40Oct 8, 2024Updated last year
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆97Dec 24, 2024Updated last year
• Haunted-Banshee / ErebusGate

  View on GitHub
  ErebusGate for Nim Bypass AV/EDR
  ☆160Nov 7, 2022Updated 3 years ago
• huoji120 / APT_Step_Bear_Inject

  View on GitHub
  复现《EDR的梦魇：Storm-0978使用新型内核注入技术“Step Bear”》
  ☆164Oct 27, 2024Updated last year
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆242Dec 3, 2025Updated 6 months ago
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆702Oct 23, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆285Sep 18, 2024Updated last year
• SaadAhla / D1rkSleep

  View on GitHub
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆126Feb 13, 2023Updated 3 years ago
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆553Feb 13, 2024Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆729Jul 19, 2023Updated 2 years ago
• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆179May 17, 2023Updated 3 years ago
• trickster0 / LdrLoadDll-Unhooking

  View on GitHub
  LdrLoadDll Unhooking
  ☆132Jan 16, 2022Updated 4 years ago
• rasta-mouse / OST-C2-Spec

  View on GitHub
  Open Source C&C Specification
  ☆280Feb 28, 2025Updated last year
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆195Nov 27, 2024Updated last year
• klezVirus / RpcProxyInvoke

  View on GitHub
  Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
  ☆138Aug 10, 2024Updated last year
• badboycxcc / Plugx

  View on GitHub
  Plugx 开源情报集合
  ☆24Dec 10, 2024Updated last year