PoC for covert persistence via Windows Push Task Scheduler (WPTaskScheduler) RPC interface — invisible to schtasks, Get-ScheduledTask, and all standard enumeration tools. 利用 Windows Push Task Scheduler (WPTaskScheduler) RPC 接口实现隐蔽持久化的 PoC — 对 schtasks、Get-ScheduledTask 及所有标准枚举工具完全不可见。
☆67Jun 15, 2026Updated last month
Alternatives and similar repositories for ShadowScheduler
Users that are interested in ShadowScheduler are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A bin2bin code virtualizer for x86-64 PE's☆159Jun 6, 2026Updated last month
- A tool uses the QoS Policy (Pacer.sys) to throttle Endpoint Detection and Response (EDR) agents from connecting to the server.☆300Jun 13, 2026Updated last month
- Windows kernel-mode reboot-restore driver — NTFS volume filter with copy-on-write redirection☆58Jun 11, 2026Updated last month
- Advanced OPSEC fork of Donut. Features a Custom in-memory CLR Host, Tail-Jump ETW bypasses, and zero-patch AMSI evasion for stealthy shel…☆68Jun 24, 2026Updated 2 weeks ago
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆142Apr 22, 2026Updated 2 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Advanced DSE bypass tool for Windows 11 Build 26200+. Features symbol-less kernel resolution via dynamic pattern scanning, KDP bypass via…☆22Jun 29, 2026Updated 2 weeks ago
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants☆192Jun 6, 2026Updated last month
- Loader Pre-Technology, Main thread hijacking without using API, get ntdll and kernel32 handle without peb. 加载器前置技术,不使用API进行主线程劫持,不使用PEB…☆93Jul 26, 2025Updated 11 months ago
- DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.☆210Jun 25, 2026Updated 2 weeks ago
- Async BOF to monitor and detect clipboard changes on a target system and return the clipboard contents.☆22May 5, 2026Updated 2 months ago
- COM Windows Persistence Technique☆89Apr 27, 2026Updated 2 months ago
- ☆20Jul 23, 2023Updated 2 years ago
- ☆105Jan 21, 2025Updated last year
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- DCOM in memory and fileless lateral movement techniques through .Net deserilization☆272Jun 22, 2026Updated 3 weeks ago
- Havoc BOF implementation of BYOVD attack to terminate PPL-protected EDR processes using a signed Microsoft kernel driver.☆39Apr 6, 2026Updated 3 months ago
- Get password/cookie/history from browser and use devtools protocol to bypass edr monitoring☆63Apr 22, 2025Updated last year
- 分割小工具,可分割木马,一键生成写入、合并、追加命令☆164Jan 5, 2024Updated 2 years ago
- KNSoft.NDK provides native C/C++ definitions and import libraries for Windows NT.☆24Updated this week
- Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR…☆108Updated this week
- Rusty DoublePulsar - Cobalt Strike User-Defined Reflective Loader (UDRL) in Rust (Codename: DoublePulsar)☆113May 14, 2026Updated 2 months ago
- Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan …☆215Dec 8, 2025Updated 7 months ago
- A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure …☆20Mar 6, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Prefe…☆200Mar 19, 2026Updated 3 months ago
- A Windows C++ OLE/COM Object explorer written in WTL.☆17Feb 28, 2025Updated last year
- KHAOS is a modern C2 framework that routes agent traffic through cloud services already trusted by enterprise networks.☆186Updated this week
- Object file loader implemented as a post-ex DLL for asynchronous BOF execution.☆29Jun 15, 2026Updated 3 weeks ago
- x64 PE bin2bin obfuscator which doesn't add a section to the binary☆285Updated this week
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- A BOF that runs unmanaged PEs inline☆700Oct 23, 2024Updated last year
- Call NtCreateUserProcess directly as normal.☆77May 17, 2022Updated 4 years ago
- ☆126Mar 23, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Take a screenshot without injection for Cobalt Strike☆205Jun 7, 2023Updated 3 years ago
- Async BOF that notifies the operator when a user connects to a local or remote target system.☆34Jun 17, 2026Updated 3 weeks ago
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.☆84Jun 15, 2026Updated 3 weeks ago
- Cobalt Strike BOF to obtain location data☆26Jul 4, 2026Updated last week
- A socksv5 proxy tool Written by CLang. 一款纯C实现的轻量内网穿透工具,支持正向,反向socks5代理隧道的搭建,支持跨平台使用。☆472Mar 2, 2025Updated last year
- Clean Indirect Syscalls with Hook Evasion & Return Address Spoofing.☆97Apr 30, 2026Updated 2 months ago
- Detect BypassUAC using AMSI☆29Feb 18, 2025Updated last year