Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload execution.
☆48Nov 2, 2025Updated 4 months ago
Alternatives and similar repositories for Self-Cleaning-PICO-Loader
Users that are interested in Self-Cleaning-PICO-Loader are comparing it to the libraries listed below
Sorting:
- adws enumeration bof☆167Feb 16, 2026Updated 2 weeks ago
- ☆64Dec 19, 2024Updated last year
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to…☆41Nov 4, 2025Updated 3 months ago
- A Windows tool that converts LDIF files to BloodHound CE☆27Dec 20, 2025Updated 2 months ago
- Callstack spoofing using a VEH because VEH all the things.☆23Mar 18, 2025Updated 11 months ago
- ☆26Aug 5, 2025Updated 6 months ago
- ☆12Feb 4, 2025Updated last year
- Command Augmentation support for BOFs and .NET assemblies across agents☆40Feb 17, 2026Updated 2 weeks ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆46Jul 16, 2023Updated 2 years ago
- Reports on Driver, LSASS and other security services mitigations☆34Aug 18, 2025Updated 6 months ago
- Reflective shellcode loaderwith advanced call stack spoofing and .NET support.☆227Sep 19, 2025Updated 5 months ago
- ☆101Oct 7, 2023Updated 2 years ago
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆124Jan 17, 2026Updated last month
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆38Aug 5, 2025Updated 6 months ago
- ☆21Feb 22, 2025Updated last year
- a BOF implementation of various registry persistence methods☆94Nov 11, 2025Updated 3 months ago
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD☆28Jan 4, 2024Updated 2 years ago
- Periodically check hashcat cracking progress and notify of success.☆10Dec 18, 2018Updated 7 years ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow☆18Jun 26, 2025Updated 8 months ago
- Proof of Concept in Go from Secureworks' research on Azure Active Directory Brute-Force Attacks. Inspired by @treebuilder's POC on PowerS…☆14Feb 23, 2022Updated 4 years ago
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual☆14Jul 13, 2022Updated 3 years ago
- A PoC C2 implementation that uses Native Messaging API to execute direct commands in the OS☆17Nov 5, 2025Updated 3 months ago
- ☆20Sep 6, 2025Updated 5 months ago
- Compiled Binaries for Sharp Suite☆15Dec 28, 2019Updated 6 years ago
- Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation.☆54Jun 2, 2025Updated 9 months ago
- Persistence via Shell Extensions☆64Aug 4, 2023Updated 2 years ago
- Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host☆53Jan 29, 2015Updated 11 years ago
- Red Team Coin for crypto-mining operations.☆23Updated this week
- CVE-2025-59501 POC code☆25Nov 20, 2025Updated 3 months ago
- .NET Assembly that creates network shares,sets ACE entries for directories, sets share perms, and deletes shares. Learning project for C#☆10Oct 14, 2024Updated last year
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆18Mar 19, 2025Updated 11 months ago
- User-Defined C2 BOF Template☆28Nov 24, 2025Updated 3 months ago
- ☆54Oct 13, 2025Updated 4 months ago
- A python library to create BloodHound OpenGraphs☆53Feb 4, 2026Updated 3 weeks ago
- Show the time in Roman Numerals☆11Jan 23, 2020Updated 6 years ago
- ☆32Aug 21, 2023Updated 2 years ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 5 months ago
- Office 365 and Exchange domain federation enumeration tool☆13Sep 6, 2023Updated 2 years ago
- SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in…☆14Dec 8, 2024Updated last year