PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This project demonstrates that It's possible to build a multi-stage and modular C2 implant made of PICOs.
☆43Nov 9, 2025Updated 3 months ago
Alternatives and similar repositories for PICO-Implant
Users that are interested in PICO-Implant are comparing it to the libraries listed below
Sorting:
- Load and execute a common object file format (COFF) in the current process☆32Mar 9, 2024Updated last year
- Proof-of-concept code for understanding the allow-jit entitlement on macOS☆30Feb 19, 2026Updated last week
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- Attack chain emulator. Write recipes for initial access easily☆23Feb 26, 2025Updated last year
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr…☆64Jan 19, 2026Updated last month
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Self Delete DLL☆23Feb 15, 2024Updated 2 years ago
- A BOF that's a BOF Loader and more☆198Jan 17, 2026Updated last month
- Indirect syscalls + DInvoke made simple.☆96Dec 24, 2024Updated last year
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆89Jan 2, 2026Updated 2 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow☆18Jun 26, 2025Updated 8 months ago
- Enable EFS service as low priv user (PE & BOF)☆21Jul 6, 2025Updated 7 months ago
- ☆12Feb 23, 2015Updated 11 years ago
- Mythic C2 Agent written in x64 PIC C☆85Jan 29, 2025Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 9 months ago
- arm64 linux position-independent shellcode framework☆30Dec 12, 2025Updated 2 months ago
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆18Mar 19, 2025Updated 11 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features☆200Apr 21, 2025Updated 10 months ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 5 months ago
- Show the time in Roman Numerals☆11Jan 23, 2020Updated 6 years ago
- Cobalt Strike BOF☆43Dec 10, 2025Updated 2 months ago
- An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities☆63Aug 25, 2022Updated 3 years ago
- ☆30May 23, 2024Updated last year
- ☆38Mar 28, 2025Updated 11 months ago
- From C to binary shellcode converter.☆56Nov 11, 2025Updated 3 months ago
- ☆51Jun 28, 2025Updated 8 months ago
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames☆152Nov 23, 2025Updated 3 months ago
- A Mythic Agent written in PIC C.☆207Feb 4, 2025Updated last year
- A repo of scripts I find helpful for daily tasks.☆30Dec 8, 2025Updated 2 months ago
- SATO is a PowerShell tool focuses on providing flexible, multi-grant type support for obtaining, managing, and analyzing Azure tokens.☆22Nov 24, 2025Updated 3 months ago
- HTML Smuggling with Web Assembly☆66Feb 20, 2024Updated 2 years ago
- Load a dynamic library from memory by modifying the native Windows loader☆286Jun 18, 2025Updated 8 months ago
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.☆92Jan 8, 2025Updated last year
- Purple Team Dropper generator using open source templates.☆17May 23, 2024Updated last year
- Windows Application Attack Surface Analyzer☆24Feb 22, 2024Updated 2 years ago