susMdT/AceLdr

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/susMdT/AceLdr)

susMdT / AceLdr

Cobalt Strike UDRL for memory scanner evasion.

☆52

Alternatives and similar repositories for AceLdr

Users that are interested in AceLdr are comparing it to the libraries listed below

Sorting:

NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆186Jan 17, 2026Updated last month
ibaiC / FriendlyFireBOF
View on GitHub
A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
☆57Apr 14, 2025Updated 10 months ago
MaangoTaachyon / SelfDeletion-Updated
View on GitHub
Updated version of a long known self deletion technique to work with 24H2.
☆61Jun 9, 2025Updated 8 months ago
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
NtDallas / Ulfberht
View on GitHub
Shellcode loader
☆101Nov 24, 2024Updated last year
NtDallas / Svartalfheim
View on GitHub
Stage 0
☆169Dec 18, 2024Updated last year
djackreuter / rustlualoader
View on GitHub
Shellcode loader that executes embedded Lua from Rust.
☆128Dec 16, 2024Updated last year
ProcessusT / Venoma
View on GitHub
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
☆200May 29, 2025Updated 9 months ago
Octoberfest7 / enumhandles_BOF
View on GitHub
☆126Sep 1, 2024Updated last year
akamai / Mirage
View on GitHub
Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
☆104Feb 25, 2025Updated last year
Azr43lKn1ght / Rusty-PE-Packer
View on GitHub
A robust Windows Process Executable Packer and Launcher implementation written in Rust for Windows x64 systems.
☆43Jan 9, 2025Updated last year
loland / inlineExecute
View on GitHub
Cobalt Strike BOF
☆43Dec 10, 2025Updated 2 months ago
iilegacyyii / DataInject-BOF
View on GitHub
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
☆137Apr 18, 2025Updated 10 months ago
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆325Apr 12, 2024Updated last year
klezVirus / koppeling-p
View on GitHub
Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
☆79Aug 5, 2024Updated last year
waawaa / Hooked-Injector
View on GitHub
Hooked create process injection for meterpreter
☆23Jun 16, 2021Updated 4 years ago
Cracked5pider / CoffeeLdr
View on GitHub
Beacon Object File Loader
☆293Dec 3, 2023Updated 2 years ago
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆268Dec 13, 2024Updated last year
NetSPI / silkwasm
View on GitHub
HTML Smuggling with Web Assembly
☆66Feb 20, 2024Updated 2 years ago
BlackSnufkin / NyxInvoke
View on GitHub
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
☆232Feb 12, 2025Updated last year
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆675Aug 15, 2025Updated 6 months ago
caueb / ThreadlessStompingKann
View on GitHub
Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
☆79Dec 23, 2023Updated 2 years ago
securifybv / BOFRyptor
View on GitHub
☆123Oct 9, 2023Updated 2 years ago
tijme / relocatable
View on GitHub
Boilerplate to develop raw and truly Position Independent Code (PIC).
☆117Jan 20, 2025Updated last year
jsecu / ModTask
View on GitHub
☆53Sep 23, 2025Updated 5 months ago
ldematte / HostedPumpkin
View on GitHub
Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host
☆53Jan 29, 2015Updated 11 years ago
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆244Jul 2, 2024Updated last year
nickzer0 / RagingRotator
View on GitHub
A tool for carrying out brute force attacks against Office 365, with built in IP rotation use AWS gateways.
☆80Jun 6, 2024Updated last year
grayhatkiller / SharpExShell
View on GitHub
SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
☆75May 1, 2024Updated last year
Teach2Breach / stargate
View on GitHub
Locate dlls and function addresses without PEB Walk and EAT parsing
☆104Nov 7, 2025Updated 3 months ago
Teach2Breach / noldr
View on GitHub
Dynamically resolve API function addresses at runtime in a secure manner.
☆72Nov 11, 2025Updated 3 months ago
KingOfTheNOPs / Get-NetNTLM
View on GitHub
Internal Monologue BOF
☆79Dec 28, 2024Updated last year
JayGLXR / Rusty-Stardust
View on GitHub
A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
☆59Mar 17, 2025Updated 11 months ago
sokaRepo / CoercedPotatoRDLL
View on GitHub
Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
☆225Nov 23, 2023Updated 2 years ago
xRedCodex / BofArsenal
View on GitHub
The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23
☆23Jun 19, 2025Updated 8 months ago
knight0x07 / NailaoLoader-Hiding-Execution-Flow
View on GitHub
NailaoLoader: Hiding Execution Flow via Patching
☆22Feb 27, 2025Updated last year
Nero22k / teamsc2
View on GitHub
Brute Ratel External C2 (Microsoft Teams)
☆38Dec 11, 2024Updated last year
itaymigdal / GhostNap
View on GitHub
Sleep obfuscation for shellcode implants and their reflective shit
☆53Sep 19, 2023Updated 2 years ago
zero2504 / Early-Cryo-Bird-Injections
View on GitHub
Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
☆138Apr 6, 2025Updated 10 months ago