A stealthy and modular Windows loader designed to bypass modern EDR solutions using Module Stomping, Stack Duplication, and Advanced Sleep Obfuscation.
☆66Jul 11, 2026Updated this week
Alternatives and similar repositories for XeraLdr
Users that are interested in XeraLdr are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- NØW is a word-based shellcode encoding and obfuscation tool that transforms raw shellcode bytes into natural-looking English prose.☆68Jun 24, 2026Updated 3 weeks ago
- Another new coercion primitive with LPE - machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin res…☆86Jun 20, 2026Updated 3 weeks ago
- Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants☆192Jun 6, 2026Updated last month
- Dump TGTs remotely and convert Windows' klist binary output to ccache.☆80Jun 30, 2026Updated 2 weeks ago
- Async port scanner BOF. Supports IP/port ranges, CIDR notation and hostnames.☆18Jun 17, 2026Updated 3 weeks ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- ☆24Updated this week
- Sleep replacement that executes real, varied work to break behavioral pattern matching by EDR and anti-cheat systems☆34Jun 10, 2026Updated last month
- Clean Indirect Syscalls with Hook Evasion & Return Address Spoofing.☆97Apr 30, 2026Updated 2 months ago
- psexec-like remote execution using the paexec wire protocol that supports paexec and remoteexecm2 from manageengine adselfservice plus☆43Mar 24, 2026Updated 3 months ago
- Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advance…☆113Jun 30, 2026Updated 2 weeks ago
- Tyche is a Mythic HTTPX Profile Generator used to create Malleable C2 Profiles.☆46Mar 28, 2026Updated 3 months ago
- KHAOS is a modern C2 framework that routes agent traffic through cloud services already trusted by enterprise networks.☆186Updated this week
- AdaptixC2 default beacon agent extended to support Crystal Palace loaders.☆62May 4, 2026Updated 2 months ago
- A shellcode loader generator with support for multiple injection techniques, built for red team engagements.☆93Jul 1, 2026Updated last week
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- DCOM in memory and fileless lateral movement techniques through .Net deserilization☆272Jun 22, 2026Updated 3 weeks ago
- .NET CLR-Stomping☆146May 20, 2026Updated last month
- Transform LDAP filters, BaseDNs, attribute lists, and attribute entries using composable middleware chains. Zero dependencies. Works as a…☆42Apr 13, 2026Updated 3 months ago
- Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browser…☆254May 18, 2026Updated last month
- ASPX Web Shell with COFF Loader☆133Mar 10, 2026Updated 4 months ago
- Evasive loader for .NET Framework assemblies☆82May 12, 2026Updated 2 months ago
- Code and data for our paper "Onelogon: Taking over Active Directory Accounts via Netlogon" (WOOT’26).☆107Jun 22, 2026Updated 3 weeks ago
- A EDR bypassing shellcode loader framework for Windows 10 64bit, featuring ETW/AMSI patching, Tartarus Gate, process protection and more☆57Jun 24, 2026Updated 2 weeks ago
- A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.☆166Apr 15, 2026Updated 2 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Activation Context Hijacking Evasion Tool☆293Jun 17, 2026Updated 3 weeks ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- Windows User-Mode Shellcode Development Framework (WUMSDF)☆144Updated this week
- Modular User-Defined Reflective Loader (UDRL) built on Crystal Palace for controlled DLL execution and evasion research.☆30Apr 14, 2026Updated 3 months ago
- Crystal Palace Evasion kit for Sliver☆96Jun 13, 2026Updated last month
- Repository hosting a hypothetical EDR Spoofer, as discovered originally by Nightmare-Eclipse☆41May 27, 2026Updated last month
- A POC tool for exploring dev-tunnels☆66May 5, 2026Updated 2 months ago
- Notion C2 Profile for Mythic☆47Apr 30, 2026Updated 2 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Beacon Object File to Enable Chrome DevTools Protocol (CDP)☆116Jul 1, 2026Updated last week
- Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR…☆108Updated this week
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆153Feb 10, 2025Updated last year
- BAADTokenBroker is a post-exploitation tool designed to interact with Microsoft Entra ID device-bound keys.☆83Apr 11, 2026Updated 3 months ago
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.☆46Jun 18, 2026Updated 3 weeks ago
- ☆78Updated this week
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago