eXtensiable Malware Toolkit: Full Featured Golang C2 Framework with Awesome Features
☆105Dec 17, 2025Updated 2 months ago
Alternatives and similar repositories for XMT
Users that are interested in XMT are comparing it to the libraries listed below
Sorting:
- Golang C2 Server and Agents using XMT (https://github.com/iDigitalFlame/xmt)☆41Dec 17, 2025Updated 2 months ago
- A third-party Gopher Assassin for the Havoc Framework.☆44Jan 1, 2024Updated 2 years ago
- KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this p…☆228Jun 6, 2023Updated 2 years ago
- Yet, Another Packer/Loader☆25Feb 26, 2023Updated 3 years ago
- Proofs-Of-360Security Sandbox Escape☆10Mar 18, 2022Updated 3 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆175Mar 15, 2023Updated 2 years ago
- ☆15Nov 24, 2022Updated 3 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆115Aug 29, 2022Updated 3 years ago
- Using fibers to run in-memory code.☆242Oct 19, 2023Updated 2 years ago
- PoC MSI payload based on ASEC/AhnLab's blog post☆24Sep 19, 2022Updated 3 years ago
- Interactive program for loading AES encrypted shellcode with Dynamic Invocation, and interactive .NET assemblies in memory.☆13Mar 16, 2022Updated 3 years ago
- Go shellcode loader that combines multiple evasion techniques☆389Jun 21, 2023Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆180Feb 10, 2023Updated 3 years ago
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke☆85Feb 26, 2023Updated 3 years ago
- ShootCutMe an .LNK file creator tool for redteamer☆16Oct 2, 2024Updated last year
- A new AMSI Bypass technique using .NET ALI Call Hooking.☆193Nov 15, 2022Updated 3 years ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 9 months ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 2 years ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆86Mar 19, 2023Updated 2 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆60Dec 15, 2023Updated 2 years ago
- windows task scheduler in golang☆29Sep 6, 2021Updated 4 years ago
- A Golang implant that uses Discord as a C2 team server☆64Nov 28, 2024Updated last year
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 2 years ago
- Monarch - The Adversary Emulation Toolkit☆64Jan 7, 2025Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- Golang packer that use process hollowing☆19May 1, 2022Updated 3 years ago
- Windows API/constants, identity, and WinHTTP/WinINet for Go.☆19Jan 13, 2026Updated last month
- PoC arbitrary WPM without a process handle☆20Jul 22, 2023Updated 2 years ago
- C# Based Universal API Unhooker☆411Feb 18, 2022Updated 4 years ago
- A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …☆91Oct 10, 2022Updated 3 years ago
- Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process☆47Jun 15, 2022Updated 3 years ago
- Get fresh Syscalls from a fresh ntdll.dll copy☆235Jan 28, 2022Updated 4 years ago
- A C# Command & Control framework☆1,026Mar 28, 2024Updated last year
- ☆13Feb 25, 2023Updated 3 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆24Mar 13, 2023Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆91Sep 9, 2022Updated 3 years ago
- Generate an obfuscated DLL that will disable AMSI & ETW☆330Jul 15, 2024Updated last year
- Command & Control-Framework created for collaboration in python3☆322Aug 7, 2023Updated 2 years ago