rasta-mouse/LibTP

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/rasta-mouse/LibTP)

rasta-mouse / LibTP

Crystal Palace library for proxying Nt API calls via the Threadpool

☆101

Alternatives and similar repositories for LibTP

Users that are interested in LibTP are comparing it to the libraries listed below

Sorting:

Teach2Breach / noldr
View on GitHub
Dynamically resolve API function addresses at runtime in a secure manner.
☆73Nov 11, 2025Updated 4 months ago
silentwarble / PIC-Library
View on GitHub
A collection of position independent coding resources
☆109Nov 15, 2025Updated 4 months ago
ofasgard / execute-assembly-pico
View on GitHub
A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
☆129Jan 28, 2026Updated last month
chryzsh / linux_bof
View on GitHub
ELF Beacon Object File (BOF) Template
☆19Nov 18, 2024Updated last year
Octoberfest7 / enumhandles_BOF
View on GitHub
☆126Sep 1, 2024Updated last year
antroguy / GetAccessTokenWithSSOCookie
View on GitHub
☆50Jun 4, 2025Updated 9 months ago
NoahKirchner / speedloader
View on GitHub
Rust template/library for implementing your own COFF loader
☆72Jan 27, 2025Updated last year
AlmondOffSec / LibTPLoadLib
View on GitHub
Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…
☆81Nov 6, 2025Updated 4 months ago
Octoberfest7 / Enumprotections_BOF
View on GitHub
A BOF to enumerate system process, their protection levels, and more.
☆125Nov 27, 2024Updated last year
outflanknl / macho-loader
View on GitHub
Position-independent Reflective Loader for macOS
☆120Feb 19, 2026Updated last month
Teach2Breach / rust_api_demo
View on GitHub
various methods of making API calls
☆19Feb 1, 2025Updated last year
akamai / Mirage
View on GitHub
Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
☆105Feb 25, 2025Updated last year
susMdT / LoudSunRun
View on GitHub
Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
☆267Oct 16, 2024Updated last year
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
je5442804 / NtCreateUserProcess-Post
View on GitHub
NtCreateUserProcess with CsrClientCallServer for mainstream Windows x64 version
☆44Jul 16, 2024Updated last year
Maldev-Academy / TrapFlagForSyscalling
View on GitHub
Bypass user-land hooks by syscall tampering via the Trap Flag
☆139Aug 25, 2025Updated 6 months ago
Teach2Breach / early_cascade_inj_rs
View on GitHub
early cascade injection PoC based on Outflanks blog post, in rust
☆62Nov 8, 2024Updated last year
tijme / relocatable
View on GitHub
Boilerplate to develop raw and truly Position Independent Code (PIC).
☆117Jan 20, 2025Updated last year
joaoviictorti / userdmp
View on GitHub
Rust crate to parse user-mode minidump files generated on Windows
☆18Nov 17, 2025Updated 4 months ago
KingOfTheNOPs / Get-NetNTLM
View on GitHub
Internal Monologue BOF
☆79Dec 28, 2024Updated last year
werdhaihai / msi_lateral_mv
View on GitHub
Lateral Movement Bof with MSI ODBC Driver Install
☆147Sep 30, 2025Updated 5 months ago
KiExitDispatcher / Ebyte-Syscalls
View on GitHub
Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa…
☆116Oct 30, 2025Updated 4 months ago
NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆189Jan 17, 2026Updated 2 months ago
NetSPI / BOF-PE
View on GitHub
An example reference design for a proposed BOF PE
☆204Jan 23, 2026Updated last month
x64dbg / lz4
View on GitHub
☆14Dec 26, 2024Updated last year
MythicAgents / Hannibal
View on GitHub
A Mythic Agent written in PIC C.
☆206Feb 4, 2025Updated last year
zer0condition / NTMemory
View on GitHub
Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.
☆73Updated this week
paranoidninja / BRC4-BOF-Artillery
View on GitHub
☆147Nov 6, 2025Updated 4 months ago
RePRGM / Nimpacket
View on GitHub
A library for interacting with Windows through SMB written in Nim.
☆17Sep 14, 2025Updated 6 months ago
safedv / RustVEHSyscalls
View on GitHub
A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
☆164Oct 31, 2024Updated last year
whokilleddb / sinister-vsix
View on GitHub
Blog/Journal on how to backdoor VSCode extensions
☆78Feb 24, 2026Updated 3 weeks ago
mannyfred / MentalTi
View on GitHub
Mentally ill EtwTi parser
☆69Jan 11, 2026Updated 2 months ago
dobin / RedEdr
View on GitHub
Collect Windows telemetry for Maldev
☆464Jan 30, 2026Updated last month
whokilleddb / funcshenanigans
View on GitHub
A bunch of shenanigans using functions, VEH and more
☆38Jun 8, 2025Updated 9 months ago
rbmm / SC_DEMO
View on GitHub
☆128Dec 12, 2025Updated 3 months ago
Mr-Un1k0d3r / DotnetNoVirtualProtectShellcodeLoader
View on GitHub
load shellcode without P/D Invoke and VirtualProtect call.
☆169Sep 2, 2025Updated 6 months ago
tijme / nimplant-beacon-position-independent-c-code
View on GitHub
A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.
☆67Feb 11, 2025Updated last year
bagelByt3s / ludus_adfs
View on GitHub
An Ansible collection that installs an ADFS deployment with optional configurations.
☆44Dec 19, 2025Updated 3 months ago
Hagrid29 / BOF-RemoteRegSave
View on GitHub
Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer
☆17Mar 4, 2023Updated 3 years ago