PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin
☆121Jan 4, 2026Updated last month
Alternatives and similar repositories for FsquirtCPLPoC
Users that are interested in FsquirtCPLPoC are comparing it to the libraries listed below
Sorting:
- sigreturn-oriented programming (SROP) based sleep obfuscation poc for Linux☆66Dec 15, 2025Updated 2 months ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 5 months ago
- Microsoft Network Service Fingerprinting Tool☆70Jan 2, 2026Updated 2 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆409Jan 11, 2026Updated last month
- Shellcode Loader Utilizing ETW Events☆67Feb 26, 2025Updated last year
- Title is self explaining, well theres few methods we can do to read locked file and play with it...☆96Jan 5, 2026Updated last month
- ☆17Jun 16, 2025Updated 8 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆137Apr 6, 2025Updated 10 months ago
- ☆50Jun 4, 2025Updated 8 months ago
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames☆152Nov 23, 2025Updated 3 months ago
- A portable C# utility for enumerating local and remote windows sessions☆56Jan 1, 2026Updated 2 months ago
- ☆139Jan 16, 2025Updated last year
- ☆64Dec 19, 2024Updated last year
- A POC for developing BOFs for Sliver, Havoc, Cobalt Strike or most COFFLoaders in Rust.☆75Aug 24, 2025Updated 6 months ago
- A collection of PoCs to do common things in unconventional ways☆121Aug 31, 2025Updated 6 months ago
- HVNC PoC (Hidden VNC) in Rust☆40Sep 2, 2025Updated 6 months ago
- Cobalt Strike BOF☆43Dec 10, 2025Updated 2 months ago
- A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.☆17Feb 3, 2025Updated last year
- Reflective shellcode loaderwith advanced call stack spoofing and .NET support.☆227Sep 19, 2025Updated 5 months ago
- ☆42Feb 18, 2025Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- Detect BypassUAC using AMSI☆29Feb 18, 2025Updated last year
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆137Dec 7, 2025Updated 2 months ago
- An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD☆49Mar 10, 2025Updated 11 months ago
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Feb 10, 2025Updated last year
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆261Oct 16, 2024Updated last year
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- ☆31Jul 26, 2024Updated last year
- A Crystal Palace shared library to resolve & perform syscalls☆56Oct 29, 2025Updated 4 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- ☆57Apr 19, 2023Updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆71Feb 11, 2024Updated 2 years ago
- kernel callback removal (Bypassing EDR Detections)☆211Nov 14, 2025Updated 3 months ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- demo unhooking functions in ntdll☆28Jul 15, 2025Updated 7 months ago
- SAM Dumping in C#☆54Nov 27, 2025Updated 3 months ago
- a BOF implementation of various registry persistence methods☆94Nov 11, 2025Updated 3 months ago
- Things i do because i saw it on twitter on a weekend☆57Jul 20, 2025Updated 7 months ago
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 7 months ago