maxDcb / C2ImplantLinks
Windows C++ Implant for Exploration C2
☆38Updated 3 months ago
Alternatives and similar repositories for C2Implant
Users that are interested in C2Implant are comparing it to the libraries listed below
Sorting:
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆64Updated 2 years ago
- A basic C2 framework written in C☆60Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆56Updated 3 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆60Updated last year
- ☆100Updated last year
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆48Updated last year
- Core Submodule of Exploration C2☆19Updated 3 weeks ago
- ☆50Updated last month
- TypeLib persistence technique☆127Updated 10 months ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆86Updated 2 years ago
- ☆36Updated 2 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆121Updated 2 years ago
- EmbedExeLnk by x86matthew modified by d4rkiZ☆41Updated 2 years ago
- Linker for Beacon Object Files☆126Updated last month
- Beacon Debugger☆52Updated 10 months ago
- Implementation of Indirect Syscall technique to pop a calc.exe☆106Updated last year
- A COFF Loader written in Rust☆120Updated this week
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike☆148Updated last month
- Threadless shellcode injection tool☆66Updated last year
- Template-based generation of shellcode loaders☆79Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆128Updated 7 months ago
- ☆40Updated 8 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆96Updated 6 months ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆27Updated 2 years ago
- ☆24Updated 6 months ago
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆65Updated last week
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆51Updated 3 months ago
- ☆76Updated 7 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated 10 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆84Updated 2 years ago