flostyen/windows-persistence external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

flostyen/windows-persistence

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/flostyen/windows-persistence)

Close

flostyen / windows-persistenceView on GitHubMore

• External links
• Readme badge

Windows Persistence IT-Security

☆109Mar 9, 2025Updated last year

Alternatives and similar repositories for windows-persistence

Users that are interested in windows-persistence are comparing it to the libraries listed below

• mr-r3bot / bof-modules

  View on GitHub
  BOF for C2 framework
  ☆44Nov 9, 2024Updated last year
• 0xRedpoll / SignalKeyBOF

  View on GitHub
  BOF to decrypt Signal Desktop chat logs
  ☆70Feb 20, 2025Updated last year
• SlimeOnSecurity / PrintSpoofer-BOF

  View on GitHub
  ☆52May 4, 2025Updated 10 months ago
• NetSPI / BOF-PE

  View on GitHub
  An example reference design for a proposed BOF PE
  ☆204Jan 23, 2026Updated last month
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆17Jun 18, 2022Updated 3 years ago
• CICADA8-Research / Spyndicapped

  View on GitHub
  COM ViewLogger — new malware keylogging technique
  ☆407Jan 6, 2025Updated last year
• m4ul3r / writing_nimless

  View on GitHub
  Writing Nimless Nim - Slides and source for BSIDESKC 2024 talk.
  ☆85Jul 11, 2025Updated 8 months ago
• MEhrn00 / boflink

  View on GitHub
  Linker for Beacon Object Files
  ☆170Feb 22, 2026Updated last month
• xforcered / RemoteMonologue

  View on GitHub
  Weaponizing DCOM for NTLM Authentication Coercions
  ☆274Jul 1, 2025Updated 8 months ago
• Tylous / FaceDancer

  View on GitHub
  FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi…
  ☆407Sep 26, 2024Updated last year
• mertdas / PrivKit

  View on GitHub
  PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
  ☆574Jan 20, 2026Updated 2 months ago
• klezVirus / DriverJack

  View on GitHub
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆361Aug 11, 2024Updated last year
• smokeme / asar-backdoor

  View on GitHub
  ☆33Mar 19, 2025Updated last year
• UmaRex01 / HookSentry

  View on GitHub
  Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones.
  ☆37Apr 24, 2025Updated 10 months ago
• AlmondOffSec / DCOMRunAs

  View on GitHub
  Lateral movement with DCOM DLL hijacking
  ☆176Jul 4, 2025Updated 8 months ago
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆124Jan 17, 2026Updated 2 months ago
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆335Mar 6, 2025Updated last year
• zero2504 / FrostLock-Injection

  View on GitHub
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆43Apr 6, 2025Updated 11 months ago
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆460Aug 2, 2024Updated last year
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,008Jun 4, 2024Updated last year
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆384Dec 13, 2024Updated last year
• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 7 months ago
• rasta-mouse / process-inject-kit

  View on GitHub
  Port of Cobalt Strike's Process Inject Kit
  ☆192Dec 1, 2024Updated last year
• EspressoCake / BetterPipename

  View on GitHub
  Example of using Sleep to create better named pipes.
  ☆41Jul 25, 2023Updated 2 years ago
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆346Nov 19, 2024Updated last year
• ElJaviLuki / CobaltStrike_OpenBeacon

  View on GitHub
  Fully functional, from-scratch alternative to the Cobalt Strike Beacon (red teaming tool), offering transparency and flexibility for secu…
  ☆261Mar 13, 2024Updated 2 years ago
• Diverto / IPPrintC2

  View on GitHub
  PoC for using MS Windows printers for persistence / command and control via Internet Printing
  ☆150May 3, 2024Updated last year
• hasherezade / thread_namecalling

  View on GitHub
  Process Injection using Thread Name
  ☆307Apr 18, 2025Updated 11 months ago
• TwoSevenOneT / CreateProcessAsPPL

  View on GitHub
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆295Nov 1, 2025Updated 4 months ago
• joaoviictorti / uwd

  View on GitHub
  Call Stack Spoofing for Rust
  ☆212Jan 28, 2026Updated last month
• iamagarre / BadExclusions

  View on GitHub
  BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR
  ☆21Feb 8, 2024Updated 2 years ago
• kyxiaxiang / DetectCobaltStrike

  View on GitHub
  Detect Beacon Powerful (Include CobatStrike 4.10 Aha~)
  ☆21Oct 18, 2024Updated last year
• m4ul3r / malware

  View on GitHub
  malware written for educational purposes
  ☆71Dec 31, 2025Updated 2 months ago
• HulkOperator / AuthStager

  View on GitHub
  ☆59Oct 24, 2024Updated last year
• ameenalkerdy / ETWShellcodeLoader

  View on GitHub
  Shellcode Loader Utilizing ETW Events
  ☆66Feb 26, 2025Updated last year
• EricEsquivel / OpsLoader

  View on GitHub
  A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader
  ☆45Sep 25, 2024Updated last year
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆74Sep 9, 2025Updated 6 months ago
• kleiton0x00 / RtlHijack

  View on GitHub
  Alternative Read and Write primitives using Rtl* functions the unintended way.
  ☆79Aug 25, 2025Updated 6 months ago
• RedSiege / GraphStrike

  View on GitHub
  Cobalt Strike HTTPS beaconing over Microsoft Graph API
  ☆626Jun 25, 2024Updated last year