redteamfortress/PhantomKiller external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

redteamfortress/PhantomKiller

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/redteamfortress/PhantomKiller)

Close

redteamfortress / PhantomKillerView on GitHubMore

• External links
• Readme badge

Another BYOVD process killer. works on all EDR's. fully signed.

☆213May 19, 2026Updated this week

Alternatives and similar repositories for PhantomKiller

Users that are interested in PhantomKiller are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 9 months ago
• 0xTriboulet / ai-postex

  View on GitHub
  Proof-of-concept implementation of AI-enabled postex DLLs
  ☆93Sep 10, 2025Updated 8 months ago
• Teach2Breach / pool_party_rs

  View on GitHub
  remote process injections using pool party techniques
  ☆71Jun 29, 2025Updated 10 months ago
• cycript / FTPM_POC

  View on GitHub
  ☆20Apr 5, 2025Updated last year
• kapla0011 / KaplaStrike

  View on GitHub
  A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and sta…
  ☆205Mar 15, 2026Updated 2 months ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• Teach2Breach / dll2shell

  View on GitHub
  converts sRDI compatible dlls to shellcode
  ☆38Jan 20, 2025Updated last year
• Sh3lldon / WinPWN

  View on GitHub
  This repo for Windows x32-x64 Kernel/User Mode Exploitation writeups and exploits
  ☆24Oct 20, 2025Updated 7 months ago
• sensepost / goLAPS

  View on GitHub
  Retrieve LAPS passwords from a domain. The tools is inspired in pyLAPS.
  ☆88Mar 6, 2025Updated last year
• horizon3ai / Ivanti-EPM-Coercion-Vulnerabilities

  View on GitHub
  Proof of concept exploit for Ivanti EPM CVE-2024-13159 and others
  ☆13Feb 19, 2025Updated last year
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆151Feb 10, 2025Updated last year
• BC-SECURITY / IronSharpPack

  View on GitHub
  IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…
  ☆119May 2, 2024Updated 2 years ago
• XiaoliChan / Xiaoli-Tools

  View on GitHub
  ☆15Aug 1, 2023Updated 2 years ago
• khadira1937 / valorant-colorbot

  View on GitHub
  Valorant C++ color based triggerbot + aimbot using imgui - Peppers0/Valorant-Cheat
  ☆17Nov 10, 2024Updated last year
• ZephrFish / LOLADCS

  View on GitHub
  PowerShell implementation for AD CS
  ☆154Mar 2, 2026Updated 2 months ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• empyr3an / Reconis

  View on GitHub
  A tool for automating network enumeration and reconnaissance
  ☆18Jan 20, 2025Updated last year
• CodeXTF2 / BusySleepBeacon

  View on GitHub
  This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built i…
  ☆36Jan 15, 2022Updated 4 years ago
• Libraggbond / EventViewerBypassUacBof

  View on GitHub
  EventViewer Bypass Uac Bof
  ☆23Jul 23, 2022Updated 3 years ago
• percpopper / VALORANT-FNamePool

  View on GitHub
  Iterate And Decrypt FNamePool->Entries On Valorant
  ☆13Nov 1, 2023Updated 2 years ago
• yumusb / coremail_export

  View on GitHub
  导出coremail联系人
  ☆18Apr 19, 2023Updated 3 years ago
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆154Mar 25, 2025Updated last year
• conix-security / debug_inject

  View on GitHub
  Shellcode injection using debugging APIs
  ☆19Jan 13, 2014Updated 12 years ago
• BeanBagKing / 1029_crack.py

  View on GitHub
  Crack base64(sha256(username)) hash from Microsoft Event ID 1029
  ☆24Aug 4, 2023Updated 2 years ago
• timwhitez / Doge-MemX

  View on GitHub
  Golang implementation of Reflective load PE from memory
  ☆63Jan 10, 2022Updated 4 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆242Nov 7, 2024Updated last year
• almounah / GoDroplets

  View on GitHub
  Go Shellcode Loader to be Integrated in Exploration C2
  ☆27Feb 7, 2025Updated last year
• netero1010 / ClipboardHistoryThief

  View on GitHub
  POC tool to extract all persistent clipboard history data from clipboard service process memory
  ☆60Jul 31, 2024Updated last year
• naksyn / ProcessStomping

  View on GitHub
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆147Dec 16, 2023Updated 2 years ago
• cbwang505 / FilesystemEoPDesktopSystemShell

  View on GitHub
  Folder Or File Delete to Get System Shell on Current Session Desktop
  ☆46Jan 14, 2025Updated last year
• zer1t0 / keydump

  View on GitHub
  Dump Linux keyrings
  ☆24Jul 15, 2024Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆197Feb 6, 2025Updated last year
• MzHmO / DebugAmsi

  View on GitHub
  DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
  ☆102Sep 18, 2023Updated 2 years ago
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆290Apr 17, 2023Updated 3 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• decoder-it / impacket-partial-mic

  View on GitHub
  Impacket with --remove-mic-partial
  ☆42Jan 8, 2026Updated 4 months ago
• Teach2Breach / rekkoex

  View on GitHub
  ☆18Aug 8, 2024Updated last year
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆141Jan 16, 2025Updated last year
• timwhitez / Doge-Hide

  View on GitHub
  windows API to hide console window by golang
  ☆35Dec 20, 2021Updated 4 years ago
• Chocapikk / CVE-2024-8672

  View on GitHub
  Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution
  ☆13Dec 2, 2024Updated last year
• electroglyph / anti_defender

  View on GitHub
  A slightly more fun way to disable windows defender
  ☆52May 4, 2025Updated last year
• XiaoliChan / PetitPotam-V2

  View on GitHub
  More EFS coerced authentication method with PetitPotam.py
  ☆28Mar 21, 2023Updated 3 years ago