Polymorphic x64 shellcode loader — indirect syscalls, phantom DLL hollowing, call stack spoofing, patchless AMSI/ETW bypass, zero CRT dependency
☆23May 24, 2026Updated last month
Alternatives and similar repositories for zero-loader
Users that are interested in zero-loader are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A small set of Beacon Object Files (BOFs) that I developed over the time with a Magic: The Gathering theme.☆21Jul 15, 2025Updated last year
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.☆46Jun 18, 2026Updated 3 weeks ago
- Havoc BOF implementation of BYOVD attack to terminate PPL-protected EDR processes using a signed Microsoft kernel driver.☆39Apr 6, 2026Updated 3 months ago
- CVE-2025-6218 is a directory traversal vulnerability in WinRAR that allows an attacker to place files outside the intended extraction dir…☆18Jul 10, 2025Updated last year
- Free rolimons trade ad bot. This is smarter and WAY better than any other bot.☆19Apr 13, 2025Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR…☆108Updated this week
- open source implementation of the UDC2 spec used in Cobalt Strike☆54Jul 4, 2026Updated last week
- Reimplementing Havoc Pro Runtime Channel Switching and Cobalt Strike UDC2 features.☆46Jun 23, 2026Updated 3 weeks ago
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- AdaptixC2 default beacon agent extended to support Crystal Palace loaders.☆62May 4, 2026Updated 2 months ago
- BOF for extracting Edge credentials from the main browser process.☆48May 5, 2026Updated 2 months ago
- Object file loader implemented as a post-ex DLL for asynchronous BOF execution.☆29Jun 15, 2026Updated 3 weeks ago
- Active Directory forensic framework☆16May 18, 2026Updated last month
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Uploads & updates models in bulk☆12Jan 27, 2026Updated 5 months ago
- A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.☆166Apr 15, 2026Updated 2 months ago
- Tiny and fast port scanner (Sliver edition)☆31Feb 17, 2026Updated 4 months ago
- Capture incoming TGTs in pure PowerShell to avoid using Rubeus☆30Mar 29, 2026Updated 3 months ago
- Async BOF to monitor and detect clipboard changes on a target system and return the clipboard contents.☆22May 5, 2026Updated 2 months ago
- A credential extraction BOF for Veeam Backup and Replication and Veeam One☆78Jul 1, 2026Updated last week
- Backdooring Claude Code via hooks in settings.json. Authorized use only!☆81Apr 16, 2026Updated 2 months ago
- Stack spoofing Detection for CET processes by comparing shadow and user stacks.☆36May 22, 2026Updated last month
- Windows memory scanner for call stack spoofing detection, unbacked shellcode, injected DLLs and in-memory C2 implants.☆37May 22, 2026Updated last month
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- ☆41Oct 16, 2025Updated 8 months ago
- Tool to bypass LSA Protection (aka Protected Process Light)☆63Jan 2, 2025Updated last year
- My studies on Malware Development☆20Jul 6, 2026Updated last week
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆132Jan 21, 2026Updated 5 months ago
- The samples referenced in my book, Evasive Malware (No starch Press)☆62Feb 20, 2026Updated 4 months ago
- Native C++ access to Active Directory over ADWS, no .NET, no WCF, no HTTP stack.☆81Mar 27, 2026Updated 3 months ago
- ☆16Apr 29, 2026Updated 2 months ago
- Advanced PoC & Research for CVE-2026-0828 (Safetica) and CVE-2025-7771 (ThrottleStop). Analysis of BYOVD (Bring Your Own Vulnerable Drive…☆45Feb 4, 2026Updated 5 months ago
- Interactive Shells like PsExec, but in Go☆16Apr 30, 2025Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆142Apr 22, 2026Updated 2 months ago
- Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique☆21Dec 3, 2024Updated last year
- ☆17May 30, 2025Updated last year
- Active Directory time discovery protocols for red teams. Stealthy extraction via Kerberos, SMB, NTLM, and CLDAP.☆71Updated this week
- Async BOF that notifies the operator when a user connects to a local or remote target system.☆34Jun 17, 2026Updated 3 weeks ago
- ☆10Sep 28, 2023Updated 2 years ago
- Beacon Object File to Enable Chrome DevTools Protocol (CDP)☆116Jul 1, 2026Updated last week