mav8557 / FatherLinks
LD_PRELOAD rootkit
☆132Updated last year
Alternatives and similar repositories for Father
Users that are interested in Father are comparing it to the libraries listed below
Sorting:
- A C2 framework for initial access in Go☆183Updated 2 years ago
- A prototype malware C2 channel using x509 certificates over mTLS☆153Updated last year
- The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab).☆229Updated 5 months ago
- ☆113Updated 3 years ago
- A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malwar…☆127Updated 3 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆330Updated 10 months ago
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆378Updated 10 months ago
- A technique of hiding malicious shellcode via Shannon encoding.☆255Updated 2 years ago
- RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows☆7Updated 3 years ago
- Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic☆181Updated 2 months ago
- Move CS beacon to GPU memory when sleeping☆246Updated 3 years ago
- (Demo) 3rd party agent for Havoc☆139Updated last year
- Payload Loader With Evasion Features☆318Updated 2 years ago
- KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this p…☆221Updated last year
- ☆55Updated 3 years ago
- Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST☆184Updated 8 months ago
- Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.☆279Updated 7 months ago
- WIP shellcode loader in nim with EDR evasion techniques☆217Updated 3 years ago
- A shellcode function to encrypt a running process image when sleeping.☆339Updated 3 years ago
- ☆132Updated last year
- Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t…☆457Updated 3 years ago
- Infect Shared Files In Memory for Lateral Movement☆195Updated 2 years ago
- Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting☆357Updated 2 years ago
- A tool to find folders excluded from AV real-time scanning using a time oracle☆233Updated last year
- Process Ghosting Tool☆174Updated 3 years ago
- ☆85Updated 2 years ago
- ☆248Updated 2 years ago
- Native Syscalls Shellcode Injector☆266Updated last year
- Finding secrets in kernel and user memory☆116Updated last year
- Patching AmsiOpenSession by forcing an error branching☆145Updated last year