klezVirus/Moonwalk-- external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

klezVirus/Moonwalk--

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/klezVirus/Moonwalk--)

Close

klezVirus / Moonwalk--View on GitHubMore

• External links
• Readme badge

Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption

☆226Dec 17, 2025Updated 5 months ago

Alternatives and similar repositories for Moonwalk--

Users that are interested in Moonwalk-- are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• 0xTriboulet / rdll-rs

  View on GitHub
  A reflective DLL development template for the Rust programming language
  ☆120Nov 4, 2025Updated 7 months ago
• vmsplit / nebula

  View on GitHub
  arm64 linux position-independent shellcode framework
  ☆31Dec 12, 2025Updated 6 months ago
• RWXstoned / LdrShuffle

  View on GitHub
  Code execution/injection technique using DLL PEB module structure manipulation
  ☆266Jun 4, 2025Updated last year
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆140Aug 25, 2025Updated 9 months ago
• maxDcb / DreamWalkers

  View on GitHub
  Lab research on Windows loader internals, PE loading, stack artifacts, and execution tradeoffs.
  ☆236May 4, 2026Updated last month
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆189Jan 17, 2026Updated 4 months ago
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆248Oct 30, 2025Updated 7 months ago
• TwoSevenOneT / WSASS

  View on GitHub
  This is the tool to dump the LSASS process on modern Windows 11
  ☆590May 23, 2026Updated 3 weeks ago
• EricEsquivel / Inline-EA

  View on GitHub
  Cobalt Strike BOF for evasive .NET assembly execution
  ☆320Mar 31, 2025Updated last year
• Ghaleb0x317374 / StealthyWMIExec.py

  View on GitHub
  A stealthier approach to WMI-based command execution using Impacket without touching the disk.
  ☆83Mar 15, 2026Updated 2 months ago
• NtDallas / MemLoader

  View on GitHub
  Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
  ☆272Jun 18, 2025Updated 11 months ago
• kozmer / sigdream

  View on GitHub
  sigreturn-oriented(SROP) based sleep obfuscation poc for Linux
  ☆70Dec 15, 2025Updated 6 months ago
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆309Jul 31, 2024Updated last year
• umpolungfish / byvalver

  View on GitHub
  takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities
  ☆62Mar 1, 2026Updated 3 months ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆154Apr 18, 2025Updated last year
• Paradoxis / ADSyncDump-BOF

  View on GitHub
  The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie…
  ☆176Sep 3, 2025Updated 9 months ago
• 3lp4tr0n / RemoteMonologue

  View on GitHub
  Weaponizing DCOM for NTLM Authentication Coercions
  ☆213Nov 4, 2025Updated 7 months ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆288Feb 8, 2025Updated last year
• Cobalt-Strike / bof-vs

  View on GitHub
  A Beacon Object File (BOF) template for Visual Studio
  ☆285Updated this week
• atomiczsec / Adrenaline

  View on GitHub
  C2-agnostic BOF collection, categorized by attack chain phase. Designed to be small and modular, allowing for quick execution and automat…
  ☆307Updated this week
• paranoidninja / PI-Tracker

  View on GitHub
  A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback …
  ☆14Oct 21, 2024Updated last year
• kr0tt / EarlyExceptionHandling

  View on GitHub
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆138Aug 31, 2025Updated 9 months ago
• Nomad0x7 / sekken-enum

  View on GitHub
  adws enumeration bof
  ☆172Feb 16, 2026Updated 3 months ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• CodeXTF2 / Cobaltstrike_BOFLoader

  View on GitHub
  open source port/reimplementation of the Cobalt Strike BOF Loader as is
  ☆72Mar 8, 2026Updated 3 months ago
• tijme / dittobytes

  View on GitHub
  Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
  ☆633Feb 2, 2026Updated 4 months ago
• JoasASantos / SysWhispers4

  View on GitHub
  AV/EDR evasion via direct and indirect system calls Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64
  ☆507Mar 7, 2026Updated 3 months ago
• rbmm / SC_DEMO

  View on GitHub
  ☆128Dec 12, 2025Updated 6 months ago
• Sh3lldon / HellsVectoredGate

  View on GitHub
  ☆55Oct 13, 2025Updated 8 months ago
• 0xTriboulet / emerald_template

  View on GitHub
  A cmake template for crystal palace
  ☆42Dec 20, 2025Updated 5 months ago
• entropy-z / PostEx-Arsenal

  View on GitHub
  Arsenal of modules to beacon postex
  ☆105Mar 13, 2026Updated 3 months ago
• Tylous / FaceDancer

  View on GitHub
  FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi…
  ☆436Apr 18, 2026Updated last month
• R3alM0m1X82 / SpecterPortal

  View on GitHub
  Advanced post-exploitation framework designed for Red Team operations in Entra ID, Azure and Microsoft 365 environments.
  ☆57Apr 1, 2026Updated 2 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆239Nov 7, 2024Updated last year
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆143Apr 6, 2025Updated last year
• Teach2Breach / moonwalk

  View on GitHub
  find dll base addresses without PEB WALK
  ☆169Jul 13, 2025Updated 11 months ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆111Aug 21, 2024Updated last year
• NtDallas / BOF_Spawn

  View on GitHub
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆154Nov 23, 2025Updated 6 months ago
• SlimeOnSecurity / PrintSpoofer-BOF

  View on GitHub
  ☆52May 4, 2025Updated last year
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆274Dec 13, 2024Updated last year