A basic C2 framework written in C
☆59 Jul 7, 2024 Updated last year
Alternatives and similar repositories for C2
Users that are interested in C2 are comparing it to the libraries listed below
- A process injection technique using only thread context manipulation ☆41 Dec 18, 2023 Updated 2 years ago
- string encryption in Nim ☆20 Jun 15, 2024 Updated last year
- RunPE adapted for x64 and written in C, does not use RWX ☆28 May 18, 2024 Updated last year
- A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM ☆20 Jul 19, 2025 Updated 7 months ago
- Heap encryption in Nim ☆20 Aug 25, 2024 Updated last year
- ☆86 Jan 21, 2025 Updated last year
- Utilizing DLang For Offensive Operations. ☆14 May 29, 2025 Updated 9 months ago
- PoC Implementation of a fully dynamic call stack spoofer ☆917 Jul 20, 2024 Updated last year
- Remotely Enumerate sessions using undocumented Windows Station APIs ☆118 Aug 21, 2024 Updated last year
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆283 Jun 15, 2024 Updated last year
- ☆126 Sep 1, 2024 Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes ☆209 Dec 25, 2024 Updated last year
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. ☆104 Feb 25, 2025 Updated last year
- The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie… ☆172 Sep 3, 2025 Updated 5 months ago
- A tiny macro library for protecting sensitive strings in compiled binaries ☆40 Oct 8, 2024 Updated last year
- NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs ☆95 Aug 1, 2022 Updated 3 years ago
- A set of programs for analyzing common vulnerabilities in COM ☆248 Sep 8, 2024 Updated last year
- ☆124 Mar 23, 2025 Updated 11 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry ☆458 Aug 2, 2024 Updated last year
- In-memory hiding technique ☆63 Jan 5, 2025 Updated last year
- Process injection alternative ☆406 Sep 6, 2024 Updated last year
- Indirect syscalls + DInvoke made simple. ☆96 Dec 24, 2024 Updated last year
- Library of BOFs to interact with SQL servers ☆223 Dec 3, 2025 Updated 2 months ago
- SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Prefe… ☆188 Aug 6, 2025 Updated 6 months ago
- Generic PE loader for fast prototyping evasion techniques ☆244 Jul 2, 2024 Updated last year
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor ☆110 Mar 25, 2024 Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆281 Sep 18, 2024 Updated last year
- Beacon Object File Loader ☆293 Dec 3, 2023 Updated 2 years ago
- Lateral Movement via the .NET Profiler ☆100 Nov 21, 2024 Updated last year
- Injects shellcode into remote processes using direct syscalls ☆77 Dec 30, 2020 Updated 5 years ago
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking ☆436 Jun 27, 2025 Updated 8 months ago
- LdrLoadDll Unhooking ☆135 Jan 16, 2022 Updated 4 years ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆539 Feb 13, 2024 Updated 2 years ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. ☆72 Mar 6, 2024 Updated last year
- ☆216 Mar 26, 2024 Updated last year
- ☆121 Nov 21, 2024 Updated last year
- PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are rela… ☆45 Jul 9, 2025 Updated 7 months ago
- A BOF that runs unmanaged PEs inline ☆680 Oct 23, 2024 Updated last year
- Fileless atexec, no more need for port 445 ☆404 Mar 28, 2024 Updated last year