rasta-mouse/Crystal-Kit

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/rasta-mouse/Crystal-Kit)

rasta-mouse / Crystal-Kit

Evasion kit for Cobalt Strike

☆385

Alternatives and similar repositories for Crystal-Kit

Users that are interested in Crystal-Kit are comparing it to the libraries listed below

Sorting:

EricEsquivel / Inline-EA
View on GitHub
Cobalt Strike BOF for evasive .NET assembly execution
☆308Mar 31, 2025Updated 11 months ago
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆268Dec 13, 2024Updated last year
NtDallas / Ulfberht
View on GitHub
Shellcode loader
☆101Nov 24, 2024Updated last year
0xTriboulet / rssh-rs
View on GitHub
☆55May 31, 2025Updated 9 months ago
NtDallas / Draugr
View on GitHub
BOF with Synthetic Stackframe
☆225Oct 30, 2025Updated 4 months ago
boku7 / StringReaper
View on GitHub
Reaping treasures from strings in remote processes memory
☆285Feb 8, 2025Updated last year
lum8rjack / caddy-c2
View on GitHub
Caddy v2 module to filter requests based on C2 profiles
☆46Apr 24, 2025Updated 10 months ago
Whitecat18 / static_encrypt
View on GitHub
Static Encrypt is an crate that encrypts string literals at compile time and only decrypted at runtime when needed.
☆57Jan 17, 2026Updated last month
0xJs / BYOVD_read_write_primitive
View on GitHub
Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
☆210Aug 21, 2025Updated 6 months ago
Xenov-X / csbot
View on GitHub
Golang Automation Framework for Cobalt Strike using the Rest API
☆56Dec 4, 2025Updated 2 months ago
NtDallas / BOF_Spawn
View on GitHub
Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
☆152Nov 23, 2025Updated 3 months ago
andrecrafts / CobaltStrike-YARA-Bypass-f0b627fc
View on GitHub
Bypass YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.
☆52Oct 2, 2025Updated 5 months ago
zyn3rgy / smbtakeover
View on GitHub
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
☆346Nov 19, 2024Updated last year
S12cybersecurity / FrankensteinAPCInjection
View on GitHub
Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueAp…
☆63Feb 17, 2026Updated 2 weeks ago
oldboy21 / SHGenOb
View on GitHub
Python based tool for generating Shellcode from PIC C
☆43Nov 6, 2025Updated 3 months ago
icyguider / Shhhloader
View on GitHub
Syscall Shellcode Loader (Work in Progress)
☆1,259May 8, 2024Updated last year
RainbowDynamix / GhostKatz
View on GitHub
Dump LSASS via physical memory read primitives in vulnerable kernel drivers
☆275Feb 2, 2026Updated last month
exploide / bhcli
View on GitHub
CLI tool to interact with the BloodHound CE API
☆69Jan 4, 2026Updated last month
foxlox / cthulhu
View on GitHub
AV Evasion, a Red Team Tool - Fiber, APC, PNG and UUID
☆21Sep 7, 2021Updated 4 years ago
kypvas / shellcode-mutator
View on GitHub
shellcode transformation tool for YARA evasion
☆52Dec 17, 2025Updated 2 months ago
xforcered / ForsHops
View on GitHub
ForsHops
☆152Mar 25, 2025Updated 11 months ago
dobin / SuperMega
View on GitHub
Stealthily inject shellcode into an executable
☆452Oct 19, 2025Updated 4 months ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆681Oct 23, 2024Updated last year
ofasgard / execute-assembly-pico
View on GitHub
A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
☆128Jan 28, 2026Updated last month
bytewreck / DumpGuard
View on GitHub
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
☆616Oct 27, 2025Updated 4 months ago
jaredfolkins / llmon
View on GitHub
LLMON 🍋 - The World's First Web Adversarial AI Firewall
☆40Jan 3, 2026Updated 2 months ago
0xsh3llf1r3 / ColdWer
View on GitHub
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
☆115Jan 29, 2026Updated last month
kyleavery / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆1,006Jun 4, 2024Updated last year
NtDallas / BOF_ExecuteAssembly
View on GitHub
Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.
☆182Dec 23, 2025Updated 2 months ago
nickvourd / SugarFree
View on GitHub
Less sugar (entropy) for your binaries
☆33Sep 10, 2025Updated 5 months ago
CodeXTF2 / ScreenshotBOF
View on GitHub
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memor…
☆490Dec 7, 2025Updated 2 months ago
MaorSabag / impacket-jump
View on GitHub
Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service load…
☆119Dec 7, 2025Updated 2 months ago
deepinstinct / DCOMUploadExec
View on GitHub
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
☆381Dec 13, 2024Updated last year
ColeHouston / Sunder
View on GitHub
Windows rootkit designed to work with BYOVD exploits
☆216Jan 18, 2025Updated last year
0xTriboulet / InlineExecuteEx
View on GitHub
A BOF that's a BOF Loader and more
☆198Jan 17, 2026Updated last month
Mayyhem / Maestro
View on GitHub
Abusing Azure services over C2
☆368Jan 20, 2026Updated last month
frozenkp / gdoor
View on GitHub
A red team emulation tool deveoped by CyCraft Technology
☆25Apr 18, 2024Updated last year
MythicMeta / MythicContainer
View on GitHub
GoLang package for creating Mythic Payload Types, C2 Profiles, Translation Services, WebHook listeners, and Loggers
☆24Dec 15, 2025Updated 2 months ago
D4rthMaulCop / DumpKernel-S1
View on GitHub
A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
☆21Apr 2, 2025Updated 11 months ago