A collection of PoCs to do common things in unconventional ways
☆121Aug 31, 2025Updated 6 months ago
Alternatives and similar repositories for function-collections
Users that are interested in function-collections are comparing it to the libraries listed below
Sorting:
- A hoontr must hoont☆105Nov 27, 2025Updated 3 months ago
- Mentally ill EtwTi parser☆68Jan 11, 2026Updated last month
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆199Dec 30, 2025Updated 2 months ago
- A lexer and parser for Sleep☆20Feb 20, 2026Updated last week
- ☆109Feb 17, 2025Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆281Sep 18, 2024Updated last year
- Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.☆68Nov 15, 2025Updated 3 months ago
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆93Jan 21, 2026Updated last month
- Adversary Emulation Framework☆130Jul 1, 2025Updated 8 months ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆128Jan 28, 2026Updated last month
- A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.☆17Feb 3, 2025Updated last year
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆85Oct 20, 2025Updated 4 months ago
- Stage 0☆169Dec 18, 2024Updated last year
- Hide your P/Invoke signatures through other people's signed assemblies☆211Mar 10, 2024Updated last year
- Generate Proxy DLLs in Rust☆47Sep 2, 2025Updated 5 months ago
- ☆108Aug 21, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Rainbow table generation & lookup tools.☆31Dec 17, 2025Updated 2 months ago
- Early Bird APC Injection in Rust☆63Oct 9, 2024Updated last year
- Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls☆217Aug 31, 2025Updated 6 months ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- Rust crate to obfuscate strings and byte arrays so they are not in memory when not in use.☆19Dec 23, 2025Updated 2 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆409Jan 11, 2026Updated last month
- BOF to decrypt Signal Desktop chat logs☆71Feb 20, 2025Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆137Apr 18, 2025Updated 10 months ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆93Jul 7, 2025Updated 7 months ago
- Section-based payload obfuscation technique for x64☆64Aug 8, 2024Updated last year
- A Crystal Palace shared library to resolve & perform syscalls☆56Oct 29, 2025Updated 4 months ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23☆23Jun 19, 2025Updated 8 months ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…☆199Jun 17, 2025Updated 8 months ago
- PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin☆121Jan 4, 2026Updated last month
- BOF with Synthetic Stackframe☆225Oct 30, 2025Updated 4 months ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆281Feb 24, 2025Updated last year
- Blog/Journal on how to backdoor VSCode extensions☆76Updated this week
- Lateral movement with DCOM DLL hijacking☆177Jul 4, 2025Updated 7 months ago