fern89/ghostwriting-2

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/fern89/ghostwriting-2)

fern89 / ghostwriting-2

A process injection technique using only thread context manipulation

☆42

Alternatives and similar repositories for ghostwriting-2

Users that are interested in ghostwriting-2 are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

fern89 / C2
View on GitHub
A basic C2 framework written in C
☆60Jul 7, 2024Updated last year
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆285Sep 18, 2024Updated last year
c0de90e7 / GhostWriting
View on GitHub
GhostWriting Injection Technique.
☆201Mar 26, 2018Updated 8 years ago
m4ul3r / writing_nimless
View on GitHub
Writing Nimless Nim - Slides and source for BSIDESKC 2024 talk.
☆86Jul 11, 2025Updated 11 months ago
itaymigdal / PichichiH0ll0wer
View on GitHub
Nim process hollowing loader
☆62Jul 22, 2025Updated 10 months ago
Managed Kubernetes at scale on DigitalOcean • Ad
DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
S3cur3Th1sSh1t / nim-strenc
View on GitHub
string encryption in Nim
☆19Jun 15, 2024Updated last year
akamai / Mirage
View on GitHub
Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
☆107Feb 25, 2025Updated last year
AlSch092 / ModifyExports
View on GitHub
Research of modifying exported function names at runtime (C/C++, Windows)
☆18May 28, 2024Updated 2 years ago
JayGLXR / RustySpy
View on GitHub
A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure …
☆20Mar 6, 2025Updated last year
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆274Dec 13, 2024Updated last year
gerbsec / SmokeyObfuscator
View on GitHub
Rewrite to fit my needs
☆33Jul 20, 2024Updated last year
lap1nou / CLR_Heap_encryption
View on GitHub
☆103Oct 7, 2023Updated 2 years ago
fern89 / runpe-x64
View on GitHub
RunPE adapted for x64 and written in C, does not use RWX
☆28May 18, 2024Updated 2 years ago
xrombar / flower
View on GitHub
a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
☆109Mar 25, 2024Updated 2 years ago
Deploy to Railway using AI coding agents - Free Credits Offer • Ad
Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
Teach2Breach / rekkoex
View on GitHub
☆18Aug 8, 2024Updated last year
hasherezade / thread_namecalling
View on GitHub
Process Injection using Thread Name
☆308Apr 18, 2025Updated last year
gabriellandau / ShadowStackWalk
View on GitHub
Finding Truth in the Shadows
☆129Jan 26, 2023Updated 3 years ago
ameenalkerdy / ETWShellcodeLoader
View on GitHub
Shellcode Loader Utilizing ETW Events
☆66Feb 26, 2025Updated last year
Kudaes / Eclipse
View on GitHub
Activation Context Hijack
☆171May 4, 2026Updated last month
Teach2Breach / moonwalk
View on GitHub
find dll base addresses without PEB WALK
☆169Jul 13, 2025Updated 11 months ago
zarkones / BloodfangC2
View on GitHub
Modern PIC implant for Windows (64 & 32 bit)
☆106Jul 23, 2025Updated 10 months ago
joaoviictorti / rustclr
View on GitHub
Host CLR and run .NET binaries using Rust
☆154Dec 23, 2025Updated 5 months ago
nbaertsch / Shrike
View on GitHub
Hunting and injecting RWX 'mockingjay' DLLs in pure nim
☆62Dec 11, 2024Updated last year
End-to-end encrypted cloud storage - Proton Drive • Ad
Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
SafeBreach-Labs / CortexVortex
View on GitHub
☆82Apr 23, 2024Updated 2 years ago
Allevon412 / BreadManModuleStomping
View on GitHub
☆45Oct 16, 2023Updated 2 years ago
0xEr3bus / RdpStrike
View on GitHub
Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
☆251Jun 11, 2024Updated 2 years ago
Teach2Breach / noldr
View on GitHub
Dynamically resolve API function addresses at runtime in a secure manner.
☆73Nov 11, 2025Updated 7 months ago
pygrum / gimmick
View on GitHub
Section-based payload obfuscation technique for x64
☆64Aug 8, 2024Updated last year
Kharos102 / interceptor
View on GitHub
Sample Rust Hooking Engine
☆34Apr 5, 2024Updated 2 years ago
synacktiv / DLHell
View on GitHub
Local & remote Windows DLL Proxying
☆173Jun 17, 2024Updated last year
EgeBalci / deoptimizer
View on GitHub
Evasion by machine code de-optimization.
☆427Jul 22, 2024Updated last year
passthehashbrowns / VectoredExceptionHandling
View on GitHub
☆111Aug 21, 2024Updated last year
Proton VPN Special Offer - Get 70% off • Ad
Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
rasta-mouse / KerbApp
View on GitHub
☆32Jun 1, 2024Updated 2 years ago
itaymigdal / PartyLoader
View on GitHub
Threadless shellcode injection tool
☆68Aug 5, 2024Updated last year
skelsec / anfs
View on GitHub
Asynchronous NFSv3 client in pure Python
☆30Jul 16, 2025Updated 10 months ago
decoder-it / RelabelAbuse
View on GitHub
☆63May 31, 2024Updated 2 years ago
rtecCyberSec / Packer_Development
View on GitHub
Slides & Code snippets for a workshop held @ x33fcon 2024
☆283Jun 15, 2024Updated last year
ricardojoserf / SharpNado
View on GitHub
Repository to gather the .NET malware I will be developing
☆18Mar 7, 2026Updated 3 months ago
0xv1n / RemoteSessionEnum
View on GitHub
Remotely Enumerate sessions using undocumented Windows Station APIs
☆118Aug 21, 2024Updated last year