Alternatives and similar repositories for Celeborn

Users that are interested in Celeborn are comparing it to the libraries listed below

• frkngksl / ParallelNimcalls

  View on GitHub
  Nim version of MDSec's Parallel Syscall PoC
  ☆124Jan 14, 2022Updated 4 years ago
• EspressoCake / PPLDump_BOF

  View on GitHub
  A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
  ☆143Sep 24, 2021Updated 4 years ago
• passthehashbrowns / hook-integrity-checks

  View on GitHub
  ☆24May 28, 2021Updated 4 years ago
• X-C3LL / wfp-reader

  View on GitHub
  Proof of concept - Covert Channel using Windows Filtering Platform (C#)
  ☆21Aug 29, 2021Updated 4 years ago
• xenoscr / compressedCredBandit

  View on GitHub
  A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.
  ☆19Jun 24, 2021Updated 4 years ago
• optiv / Dent

  View on GitHub
  A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
  ☆297Aug 18, 2023Updated 2 years ago
• EncodeGroup / UAC-SilentClean

  View on GitHub
  New UAC bypass for Silent Cleanup for CobaltStrike
  ☆191Jul 14, 2021Updated 4 years ago
• am0nsec / SharpHellsGate

  View on GitHub
  C# Implementation of the Hell's Gate VX Technique
  ☆216Jun 30, 2020Updated 5 years ago
• passthehashbrowns / DInvokeProcessHollowing

  View on GitHub
  ☆31Aug 23, 2020Updated 5 years ago
• jfmaes / SharpZipRunner

  View on GitHub
  Executes position independent shellcode from an encrypted zip
  ☆304Dec 22, 2020Updated 5 years ago
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆283Sep 18, 2021Updated 4 years ago
• frkngksl / Huan

  View on GitHub
  Encrypted PE Loader Generator
  ☆543Aug 13, 2021Updated 4 years ago
• boku7 / HellsGatePPID

  View on GitHub
  Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
  ☆107Mar 8, 2023Updated 2 years ago
• xenoscr / SharpMailBOF

  View on GitHub
  A BOF.NET program to split a file into smaller chunks and email it via a specified SMTP relay.
  ☆15Jun 24, 2021Updated 4 years ago
• waleedassar / SyscallNumberExtractor

  View on GitHub
  ☆24Sep 26, 2021Updated 4 years ago
• paranoidninja / PIC-Get-Privileges

  View on GitHub
  Building and Executing Position Independent Shellcode from Object Files in Memory
  ☆166Jan 30, 2021Updated 5 years ago
• mez-0 / winrmdll

  View on GitHub
  C++ WinRM API via Reflective DLL
  ☆145Sep 11, 2021Updated 4 years ago
• mgeeky / UnhookMe

  View on GitHub
  UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …
  ☆349Jul 3, 2022Updated 3 years ago
• asaurusrex / Probatorum-EDR-Userland-Hook-Checker

  View on GitHub
  Project to check which Nt/Zw functions your local EDR is hooking
  ☆199Mar 21, 2021Updated 4 years ago
• LloydLabs / process-enumeration-stealth

  View on GitHub
  ☆83Aug 26, 2024Updated last year
• Mr-B0b / SpaceRunner

  View on GitHub
  This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes thr…
  ☆196Jul 26, 2020Updated 5 years ago
• moloch-- / DarkLoadLibrary

  View on GitHub
  LoadLibrary for offensive operations
  ☆33Dec 14, 2021Updated 4 years ago
• sh4hin / GoPurple

  View on GitHub
  Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
  ☆494Apr 1, 2021Updated 4 years ago
• ajpc500 / RelayRumbler

  View on GitHub
  A proof-of-concept tool that attempts to retrieve the configuration from the memory dump of an F-Secure C3 Relay executable.
  ☆18Jul 2, 2021Updated 4 years ago
• Maff1t / WindowsPermsPoC

  View on GitHub
  A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows
  ☆52Jun 14, 2021Updated 4 years ago
• Barbarisch / forkatz

  View on GitHub
  credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege
  ☆123May 22, 2021Updated 4 years ago
• cube0x0 / ParallelSyscalls

  View on GitHub
  C# version of MDSec's ParallelSyscalls
  ☆141Jan 9, 2022Updated 4 years ago
• boku7 / HOLLOW

  View on GitHub
  EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…
  ☆291Mar 8, 2023Updated 2 years ago
• Cobalt-Strike / beacon_health_check

  View on GitHub
  This aggressor script uses a beacon's note field to indicate the health status of a beacon.
  ☆141Sep 29, 2021Updated 4 years ago
• rookuu / BOFs

  View on GitHub
  Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.
  ☆185Feb 11, 2021Updated 5 years ago
• RedSection / OffensivePH

  View on GitHub
  OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
  ☆334Oct 9, 2021Updated 4 years ago
• EspressoCake / DLL-Exports-Extraction-BOF

  View on GitHub
  DLL Exports Extraction BOF with optional NTFS transactions.
  ☆90Nov 5, 2021Updated 4 years ago
• capt-meelo / Beaconator

  View on GitHub
  A beacon generator using Cobalt Strike and a variety of tools.
  ☆448Aug 10, 2021Updated 4 years ago
• EspressoCake / BeaconDownloadSync

  View on GitHub
  ☆94May 14, 2022Updated 3 years ago
• S3cur3Th1sSh1t / SharpImpersonation

  View on GitHub
  A User Impersonation tool - via Token or Shellcode injection
  ☆422May 21, 2022Updated 3 years ago
• jsecu / CredManBOF

  View on GitHub
  ☆99Sep 20, 2021Updated 4 years ago
• aaaddress1 / sakeInject

  View on GitHub
  Windows PE - TLS (Thread Local Storage) Injector in C/C++
  ☆107Jan 3, 2021Updated 5 years ago
• SolomonSklash / SleepyCrypt

  View on GitHub
  A shellcode function to encrypt a running process image when sleeping.
  ☆340Sep 11, 2021Updated 4 years ago
• klezVirus / CandyPotato

  View on GitHub
  Pure C++, weaponized, fully automated implementation of RottenPotatoNG
  ☆313Sep 16, 2021Updated 4 years ago