☆127Dec 12, 2025Updated 2 months ago
Alternatives and similar repositories for SC_DEMO
Users that are interested in SC_DEMO are comparing it to the libraries listed below
Sorting:
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.☆67Feb 11, 2025Updated last year
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- ☆146Nov 6, 2025Updated 3 months ago
- BOF with Synthetic Stackframe☆225Oct 30, 2025Updated 4 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆104Feb 25, 2025Updated last year
- A Mythic Agent written in PIC C.☆207Feb 4, 2025Updated last year
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- Mentally ill EtwTi parser☆68Jan 11, 2026Updated last month
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆137Dec 7, 2025Updated 2 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆137Apr 6, 2025Updated 10 months ago
- early cascade injection PoC based on Outflanks blog post☆237Nov 7, 2024Updated last year
- Cobalt Strike BOF for evasive .NET assembly execution☆308Mar 31, 2025Updated 11 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- ☆41Feb 20, 2025Updated last year
- Sleep obfuscation☆268Dec 13, 2024Updated last year
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- Position-independent Reflective Loader for macOS☆118Feb 19, 2026Updated last week
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 7 months ago
- Stage 0☆169Dec 18, 2024Updated last year
- find dll base addresses without PEB WALK☆160Jul 13, 2025Updated 7 months ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆261Oct 16, 2024Updated last year
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 10 months ago
- Hunting and injecting RWX 'mockingjay' DLLs in pure nim☆60Dec 11, 2024Updated last year
- An App Domain Manager Injection DLL PoC on steroids☆212Dec 14, 2023Updated 2 years ago
- A PoC for Early Cascade process injection technique.☆211Jan 30, 2025Updated last year
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆123Jan 17, 2026Updated last month
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 7 months ago
- GPOAnalyzer is a tool designed to assist in parsing domain Group Policy Object (GPO) files located in the SYSVOL directory.☆28Jun 14, 2024Updated last year
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆122Sep 8, 2024Updated last year
- Azure Post Exploitation Framework☆244Oct 27, 2025Updated 4 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆263Aug 31, 2025Updated 6 months ago
- COM ViewLogger — new malware keylogging technique☆404Jan 6, 2025Updated last year
- Reflective shellcode loaderwith advanced call stack spoofing and .NET support.☆227Sep 19, 2025Updated 5 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆137Apr 18, 2025Updated 10 months ago