A cross-platform C++ framework for building Windows shellcode
☆158 · Feb 25, 2026 · Updated last week
Alternatives and similar repositories for scfw
Users that are interested in scfw are comparing it to the libraries listed below
- Windows User-Mode Shellcode Development Framework (WUMSDF) ☆126 · Nov 17, 2025 · Updated 3 months ago
- PIC shellcode (C/C++) development toolkit designed for malware developers. ☆122 · Dec 23, 2025 · Updated 2 months ago
- Linux Process Injection via Seccomp Notifier ☆84 · Dec 9, 2025 · Updated 2 months ago
- Windows Access token manipulation tool made in C# ☆24 · Aug 24, 2025 · Updated 6 months ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1 ☆77 · Sep 8, 2025 · Updated 5 months ago
- A small experiment on assigning a process's threads a specific CPU and then blocking it with a high-priority thread ☆30 · Sep 24, 2025 · Updated 5 months ago
- Takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities ☆58 · Updated this week
- WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API ☆26 · Apr 24, 2022 · Updated 3 years ago
- Tools for attacking Computer Use Agents ☆23 · Jan 16, 2026 · Updated last month
- Admin to Kernel code execution using the KSecDD driver ☆265 · Apr 19, 2024 · Updated last year
- Slaying multi-language LLVM IR with obfuscation passes to achieve JIT execution ☆130 · Dec 24, 2025 · Updated 2 months ago
- PowerShell-based utility for mapping byte offsets to source code using hex and ASCII context for detection research and red team tooling. ☆31 · Dec 31, 2025 · Updated 2 months ago
- Compile-time Evaluable SHA3 in C++: Permutation-based Cryptographic Hashing ☆14 · Feb 21, 2026 · Updated last week
- C++ macro for x64 programs that breaks the IDA Hex-Rays decompiler tool. ☆140 · Apr 12, 2024 · Updated last year
- Windows rootkit designed to work with BYOVD exploits ☆216 · Jan 18, 2025 · Updated last year
- Early cascade injection PoC based on Outflank's blog post, in Rust ☆62 · Nov 8, 2024 · Updated last year
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0. ☆73 · Apr 13, 2025 · Updated 10 months ago
- Another LLVM-obfuscator based on LLVM-17. A fork of Arkari ☆110 · Feb 18, 2024 · Updated 2 years ago
- LLVM-powered deobfuscation of a VM-based protection ☆47 · Feb 25, 2026 · Updated last week
- Proof-of-concept code for Bring Your Own Vulnerable Driver techniques ☆211 · Aug 21, 2025 · Updated 6 months ago
- Try to transport the TCP/IP stack of ReactOS to Windows XP. ☆17 · Feb 27, 2014 · Updated 12 years ago
- Helper scripts for Windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode ☆19 · Aug 11, 2023 · Updated 2 years ago
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit) ☆16 · Sep 4, 2020 · Updated 5 years ago
- Finding Truth in the Shadows ☆123 · Jan 26, 2023 · Updated 3 years ago
- Evasion by machine code de-optimization. ☆418 · Jul 22, 2024 · Updated last year
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols) ☆68 · Aug 11, 2023 · Updated 2 years ago
- Beacon Debugger ☆55 · Oct 28, 2024 · Updated last year
- Header-only C++ library for producing PE files. ☆36 · Jun 17, 2023 · Updated 2 years ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn… ☆199 · Jun 17, 2025 · Updated 8 months ago
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection ☆71 · Dec 26, 2025 · Updated 2 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework ☆162 · Aug 30, 2025 · Updated 6 months ago
- Hooking Windows' exception dispatcher to protect process's PML4 ☆228 · Jan 24, 2025 · Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials ☆54 · May 12, 2025 · Updated 9 months ago
- The cross-platform emulation framework Unicorn is based on QEMU's TCG (Tiny Code Generator) mode, which implements full-system virtualization without hardware virtualization support and emulates CPU instructions across platforms and architectures. This article discusses an experimental project by the author that uses the Windows Hypervisor Platform virtual machine mode… ☆79 · Dec 17, 2023 · Updated 2 years ago
- Vectored Exception Handling Squared ☆29 · Dec 27, 2025 · Updated 2 months ago
- Zero-dependency MCP server implementation. ☆61 · Feb 23, 2026 · Updated last week
- A Windows Named Pipe Multi-tool / Proxy ☆300 · Dec 7, 2025 · Updated 2 months ago