Detects process injection and memory manipulation used by malware. Finds RWX regions, shellcode patterns, API hooks, thread hijacking, and process hollowing. Built in Rust for speed. Includes CLI and TUI interfaces.
☆301 · Dec 15, 2025 · Updated 3 months ago
Alternatives and similar repositories for ghost
Users that are interested in ghost are comparing it to the libraries listed below.
- NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes. ☆97 · Nov 7, 2025 · Updated 4 months ago
- Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook… ☆59 · Oct 10, 2025 · Updated 5 months ago
- Minimal ELF inspector written in C for quick binary layout inspection ☆29 · Jan 9, 2026 · Updated 2 months ago
- A small experiment on assigning a process's threads to a specific CPU and then blocking it with a high-priority thread ☆32 · Sep 24, 2025 · Updated 6 months ago
- Slides and resources from MCTTP 2025 Talk ☆68 · Oct 26, 2025 · Updated 5 months ago
- Enable EFS service as low priv user (PE & BOF) ☆21 · Jul 6, 2025 · Updated 8 months ago
- A proof‑of‑concept C2 framework that uses Server‑Sent Events (SSE) and the MCP protocol for agent registration, command dispatch, and res… ☆33 · Apr 28, 2025 · Updated 10 months ago
- This C# tool sprays for admin access over the entire domain ☆90 · Dec 7, 2025 · Updated 3 months ago
- Manage Shadow Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11 ☆84 · Jan 26, 2026 · Updated 2 months ago
- Takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities ☆60 · Mar 1, 2026 · Updated 3 weeks ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to… ☆45 · Jun 1, 2025 · Updated 9 months ago
- An ordinary BOF used for BypassUAC ☆22 · Apr 6, 2024 · Updated last year
- Chameleon is a polymorphic engine for x86_64 position independent shellcode that has been created out of the need to evade signature-base… ☆47 · Oct 3, 2025 · Updated 5 months ago
- Red Team Coin for crypto-mining operations. ☆23 · Mar 1, 2026 · Updated 3 weeks ago
- A Rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library ☆24 · Nov 13, 2025 · Updated 4 months ago
- ☆50 · Oct 14, 2025 · Updated 5 months ago
- Phantom is a project created to perform loading and executing .NET assemblies directly in memory within an IIS environment running in full‑… ☆85 · Mar 10, 2026 · Updated 2 weeks ago
- A high-performance domain scanner that discovers active domains by testing multiple Top-Level Domains (TLDs) for given domain names. ☆30 · Oct 26, 2025 · Updated 5 months ago
- A revival of the classic and legendary KsDumper ☆41 · Nov 19, 2025 · Updated 4 months ago
- PIC shellcode (C/C++) development toolkit designed for malware developers. ☆125 · Dec 23, 2025 · Updated 3 months ago
- 🛡️ Convenient .NET Library for Invoking Antimalware Scan Interface (AMSI) ☆19 · Feb 1, 2022 · Updated 4 years ago
- System Call Integrity Layer - experimental security research ☆25 · Jan 31, 2026 · Updated last month
- PoC plugin for jadx-gui to evaluate methods and update decompiler output ☆24 · Nov 24, 2025 · Updated 4 months ago
- Complete malware analysis framework ☆12 · Feb 22, 2016 · Updated 10 years ago
- ☆18 · Dec 23, 2024 · Updated last year
- Extract the Procedures (TTP) from CTI reports ☆17 · Dec 13, 2025 · Updated 3 months ago
- A network packet synthesis language ☆23 · Mar 18, 2026 · Updated last week
- Tool to resolve symbols by the address of the binary ☆15 · Sep 21, 2018 · Updated 7 years ago
- A Windows C++ OLE/COM Object explorer written in WTL. ☆16 · Feb 28, 2025 · Updated last year
- UDC2 implementation that provides an ICMP C2 channel ☆118 · Nov 24, 2025 · Updated 4 months ago
- Modified version of PEAS client for offensive operations ☆50 · Nov 1, 2025 · Updated 4 months ago
- A simple BOF (Beacon Object File) to search files in the system ☆15 · Dec 2, 2023 · Updated 2 years ago
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified … ☆19 · May 8, 2025 · Updated 10 months ago
- ☆11 · Feb 24, 2023 · Updated 3 years ago
- AppLocker-Based EDR Neutralization ☆327 · Dec 19, 2025 · Updated 3 months ago
- Sliver agents for Mythic ☆48 · Nov 18, 2024 · Updated last year
- A fake AMSI Provider which can be used for persistence. ☆156 · May 16, 2021 · Updated 4 years ago
- A .NET assembly tracer using Harmony for runtime method interception. ☆50 · Oct 24, 2025 · Updated 5 months ago
- SANS Workshop: Active Directory Privilege Escalation with Empire! ☆37 · Nov 12, 2025 · Updated 4 months ago