C# havoc implant
☆100Feb 12, 2023Updated 3 years ago
Alternatives and similar repositories for SharpAgent
Users that are interested in SharpAgent are comparing it to the libraries listed below
Sorting:
- Modules used by the Havoc Framework☆262Jun 17, 2024Updated last year
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …☆86Nov 8, 2023Updated 2 years ago
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆389Jul 30, 2024Updated last year
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- POC for frustrating/defeating Malware Analysts☆156Jun 12, 2022Updated 3 years ago
- Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).☆186Feb 12, 2023Updated 3 years ago
- malleable profile generator GUI for Havoc☆55Apr 28, 2023Updated 2 years ago
- A new AMSI Bypass technique using .NET ALI Call Hooking.☆193Nov 15, 2022Updated 3 years ago
- A care package of useful bofs for red team engagments☆53Dec 6, 2024Updated last year
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆258Jun 29, 2024Updated last year
- A collection of (even more) alternative shellcode callback methods in CSharp☆81Oct 26, 2024Updated last year
- ☆11Feb 12, 2023Updated 3 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆90Dec 15, 2022Updated 3 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆307Dec 9, 2023Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆180Feb 10, 2023Updated 3 years ago
- Generate an obfuscated DLL that will disable AMSI & ETW☆330Jul 15, 2024Updated last year
- (Demo) 3rd party agent for Havoc☆146Aug 20, 2023Updated 2 years ago
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- A string obfuscator for .NET apps, built to evade static string analysis.☆109Jan 3, 2023Updated 3 years ago
- ☆152Oct 2, 2023Updated 2 years ago
- A python port of CCob's ThreadlessInject☆25Mar 18, 2023Updated 2 years ago
- This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.☆122Feb 21, 2025Updated last year
- List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly☆61May 24, 2022Updated 3 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆24Mar 13, 2023Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Nov 19, 2022Updated 3 years ago
- Shaco is a linux agent for havoc☆170Oct 25, 2023Updated 2 years ago
- A .NET malware loader, using API-Hashing to evade static analysis☆210May 30, 2023Updated 2 years ago
- All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming☆233Oct 8, 2024Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass☆368Apr 19, 2023Updated 2 years ago
- This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and down…☆257May 25, 2023Updated 2 years ago
- Mythic C2 wrapper for NimSyscallPacker☆25Mar 12, 2025Updated 11 months ago
- Just another casual shellcode native loader☆25Feb 3, 2022Updated 4 years ago
- .NET/PowerShell/VBA Offensive Security Obfuscator☆515Feb 1, 2024Updated 2 years ago
- Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind☆482Jul 12, 2023Updated 2 years ago
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\ , that contains the implant's path , and whenever powershell pro…☆85Aug 2, 2023Updated 2 years ago
- a tool to help operate in EDRs' blind spots☆767Dec 2, 2024Updated last year