Abusing the win32k.sys kernel callback mechanism for arbitrary code execution
☆102Apr 10, 2026Updated 3 months ago
Alternatives and similar repositories for win32k-callback-detouring
Users that are interested in win32k-callback-detouring are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Precision call-stack spoofing gadget hunter for x64 DLLs, powered by Iced disassembler☆18Jul 2, 2026Updated last week
- Advanced OPSEC fork of Donut. Features a Custom in-memory CLR Host, Tail-Jump ETW bypasses, and zero-patch AMSI evasion for stealthy shel…☆68Jun 24, 2026Updated 3 weeks ago
- Another new coercion primitive with LPE - machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin res…☆86Jun 20, 2026Updated 3 weeks ago
- Surgical UNWIND_INFO preservation for sleep masking without call stack spoofing.☆55Mar 30, 2026Updated 3 months ago
- DynLoader A modular Windows loader focused on EDR evasion Built with indirect syscall (Tartarus Gate / Hell’s Gate), Manual PE parsing …☆56Updated this week
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Active Directory time discovery protocols for red teams. Stealthy extraction via Kerberos, SMB, NTLM, and CLDAP.☆71Updated this week
- Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advance…☆113Jun 30, 2026Updated 2 weeks ago
- This repository contains the research tool presented at x33fcon 2026, along with the associated presentation slides. The content is made …☆62Jun 15, 2026Updated last month
- Beacon Object File to Enable Chrome DevTools Protocol (CDP)☆116Jul 1, 2026Updated last week
- A shellcode loader generator with support for multiple injection techniques, built for red team engagements.☆93Jul 1, 2026Updated last week
- KslDump — Why bring your own knife when Defender already left one in the kitchen?☆392Apr 13, 2026Updated 3 months ago
- Dump TGTs remotely and convert Windows' klist binary output to ccache.☆80Jun 30, 2026Updated 2 weeks ago
- DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.☆210Jun 25, 2026Updated 2 weeks ago
- PoC on JIT Flow Redirection and .NET Reflection for Analyzing In-Memory Telemetry Interfaces (AMSI/ETW)☆16Jun 24, 2026Updated 2 weeks ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Activation Context Hijacking Evasion Tool☆293Jun 17, 2026Updated 3 weeks ago
- Object file loader implemented as a post-ex DLL for asynchronous BOF execution.☆29Jun 15, 2026Updated 3 weeks ago
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.☆84Jun 15, 2026Updated 3 weeks ago
- COM Windows Persistence Technique☆89Apr 27, 2026Updated 2 months ago
- Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants☆192Jun 6, 2026Updated last month
- Memory API proxy via signed mozglue.dll☆40Jun 25, 2026Updated 2 weeks ago
- Clean Indirect Syscalls with Hook Evasion & Return Address Spoofing.☆97Apr 30, 2026Updated 2 months ago
- A stealthy and modular Windows loader designed to bypass modern EDR solutions using Module Stomping, Stack Duplication, and Advanced Slee…☆66Updated this week
- Proof of concept to detect module stomping detection by looking for modified .pdata sections.☆39Jun 11, 2026Updated last month
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Automatically deploying Mythic C2 in Azure using Terraform☆20Jul 3, 2026Updated last week
- AppLocker-Based EDR Neutralization☆339Dec 19, 2025Updated 6 months ago
- Fritter is a heavily modified fork of TheWover and Odzhan's Donut shellcode generator.☆243Jun 11, 2026Updated last month
- .NET CLR-Stomping☆146May 20, 2026Updated last month
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆142Apr 22, 2026Updated 2 months ago
- open source implementation of the UDC2 spec used in Cobalt Strike☆54Jul 4, 2026Updated last week
- ☆22May 19, 2026Updated last month
- KHAOS is a modern C2 framework that routes agent traffic through cloud services already trusted by enterprise networks.☆186Updated this week
- ☆24Updated this week
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Cobalt Strike BOF to obtain location data☆26Jul 4, 2026Updated last week
- User-mode ETW interception and telemetry manipulation lab for Windows security research.☆42Jun 15, 2026Updated 3 weeks ago
- Next-Generation BOF Template | BOF Linter | Obj Rewriter☆58Dec 4, 2025Updated 7 months ago
- A compiled language for Windows position-independent x86-64 shellcode and Beacon Object Files.☆170Jun 28, 2026Updated 2 weeks ago
- Smuggling C2 comms through links previews☆18Jun 17, 2026Updated 3 weeks ago
- Static analysis & exploitation-triage toolkit for Windows kernel drivers. Discover IOCTLs, Symbolic Links, and check cert , and Downlaods…☆191Apr 27, 2026Updated 2 months ago
- Reversed cassandra source code for educational purposes☆28Jul 3, 2026Updated last week