thefLink/DeepSleep

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/thefLink/DeepSleep)

thefLink / DeepSleep

A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC

☆374

Alternatives and similar repositories for DeepSleep

Users that are interested in DeepSleep are comparing it to the libraries listed below

Sorting:

waldo-irc / YouMayPasser
View on GitHub
You shall pass
☆270Jul 16, 2022Updated 3 years ago
janoglezcampos / DeathSleep
View on GitHub
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
☆536Aug 1, 2022Updated 3 years ago
Cracked5pider / Ekko
View on GitHub
Sleep Obfuscation
☆816Dec 3, 2023Updated 2 years ago
kyleavery / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆1,006Jun 4, 2024Updated last year
thefLink / RecycledGate
View on GitHub
Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
☆499Feb 3, 2022Updated 4 years ago
Cracked5pider / CoffeeLdr
View on GitHub
Beacon Object File Loader
☆293Dec 3, 2023Updated 2 years ago
Cracked5pider / KaynLdr
View on GitHub
KaynLdr is a Reflective Loader written in C/ASM
☆555Dec 3, 2023Updated 2 years ago
rad9800 / TamperingSyscalls
View on GitHub
☆505Aug 14, 2022Updated 3 years ago
deepinstinct / Dirty-Vanity
View on GitHub
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
☆676Dec 23, 2022Updated 3 years ago
boku7 / BokuLoader
View on GitHub
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
☆1,401Nov 22, 2023Updated 2 years ago
frkngksl / ParallelNimcalls
View on GitHub
Nim version of MDSec's Parallel Syscall PoC
☆123Jan 14, 2022Updated 4 years ago
codewhitesec / Lastenzug
View on GitHub
Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
☆235Oct 18, 2022Updated 3 years ago
SolomonSklash / SleepyCrypt
View on GitHub
A shellcode function to encrypt a running process image when sleeping.
☆340Sep 11, 2021Updated 4 years ago
rad9800 / WTSRM
View on GitHub
WTSRM
☆216Aug 7, 2022Updated 3 years ago
Idov31 / Cronos
View on GitHub
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
☆622Sep 26, 2023Updated 2 years ago
Henkru / cs-token-vault
View on GitHub
In-memory token vault BOF for Cobalt Strike
☆149Aug 18, 2022Updated 3 years ago
kyleavery / inject-assembly
View on GitHub
Inject .NET assemblies into an existing process
☆508Jan 19, 2022Updated 4 years ago
FalconForceTeam / BOF2shellcode
View on GitHub
POC tool to convert CobaltStrike BOF files to raw shellcode
☆220Nov 5, 2021Updated 4 years ago
klezVirus / SilentMoonwalk
View on GitHub
PoC Implementation of a fully dynamic call stack spoofer
☆917Jul 20, 2024Updated last year
rad9800 / misc
View on GitHub
miscellaneous scripts and programs
☆277Jan 23, 2025Updated last year
mgeeky / ThreadStackSpoofer
View on GitHub
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…
☆1,196Jun 17, 2022Updated 3 years ago
mgeeky / ElusiveMice
View on GitHub
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
☆482Jul 12, 2023Updated 2 years ago
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆368Apr 19, 2023Updated 2 years ago
S4ntiagoP / freeBokuLoader
View on GitHub
A simple BOF that frees UDRLs
☆122May 29, 2022Updated 3 years ago
Octoberfest7 / KDStab
View on GitHub
BOF combination of KillDefender and Backstab
☆167Mar 23, 2023Updated 2 years ago
hlldz / RefleXXion
View on GitHub
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …
☆501Jan 25, 2022Updated 4 years ago
Cracked5pider / Stardust
View on GitHub
A modern 32/64-bit position independent implant template
☆1,295Mar 21, 2025Updated 11 months ago
mgeeky / ShellcodeFluctuation
View on GitHub
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…
☆1,092Jun 17, 2022Updated 3 years ago
thefLink / Hunt-Sleeping-Beacons
View on GitHub
Aims to identify sleeping beacons
☆662Jan 25, 2026Updated last month
rsmudge / unhook-bof
View on GitHub
Remove API hooks from a Beacon process.
☆282Sep 18, 2021Updated 4 years ago
Cracked5pider / KaynStrike
View on GitHub
UDRL for CS
☆444Dec 3, 2023Updated 2 years ago
boku7 / spawn
View on GitHub
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
☆470Mar 8, 2023Updated 2 years ago
rad9800 / VehApiResolve
View on GitHub
☆118Aug 7, 2022Updated 3 years ago
Dec0ne / HWSyscalls
View on GitHub
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
☆718Jul 19, 2023Updated 2 years ago
trustedsec / COFFLoader
View on GitHub
☆615Jul 21, 2025Updated 7 months ago
paranoidninja / Process-Instrumentation-Syscall-Hook
View on GitHub
A simple program to hook the current process to identify the manual syscall executions on windows
☆265Nov 18, 2022Updated 3 years ago
WithSecureLabs / CallStackSpoofer
View on GitHub
A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
☆557Apr 8, 2025Updated 10 months ago
JLospinoso / gargoyle
View on GitHub
A memory scanning evasion technique
☆899May 24, 2017Updated 8 years ago
joe-desimone / patriot
View on GitHub
☆153Jul 31, 2022Updated 3 years ago