Phantom is a project created to load and execute .NET assemblies directly in memory within an IIS environment running in full-trust mode. Instead of relying on a file-based approach, it uses reflective loading techniques to inject and run a DLL inside the memory space of the w3wp.exe worker pool process.
☆98 · Mar 10, 2026 · Updated 3 weeks ago
Alternatives and similar repositories for Phantom
Users that are interested in Phantom are comparing it to the libraries listed below.
- ☆59 · Updated this week
- CVE-2025-59501 POC code · ☆26 · Nov 20, 2025 · Updated 4 months ago
- BOF to terminate a process via PID as argument · ☆28 · Sep 7, 2025 · Updated 7 months ago
- Pipeleek scans CI/CD logs and artifacts to detect leaked secrets and pivot from them · ☆19 · Updated this week
- rust port of pspy with support for process monitoring over dbus · ☆37 · Jan 4, 2026 · Updated 3 months ago
- A loader for bypassing antivirus software · ☆30 · Oct 13, 2025 · Updated 5 months ago
- Parses logs created by Cobalt Strike, Brute Ratel, OC2 and creates an SQLite DB which can be used to create custom reports. · ☆27 · Mar 18, 2026 · Updated 3 weeks ago
- A Pentester's Confluence Keyword Scanner · ☆17 · Dec 3, 2024 · Updated last year
- Clipboard for Command and Control between VDI, RDP and Others on Windows · ☆52 · Dec 7, 2025 · Updated 4 months ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM · ☆64 · Dec 25, 2025 · Updated 3 months ago
- Manage Shadow Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11 · ☆86 · Jan 26, 2026 · Updated 2 months ago
- ASPX Web Shell with COFF Loader · ☆126 · Mar 10, 2026 · Updated 3 weeks ago
- A small experiment on assigning a process's threads a specific CPU and then blocking it with a high priority thread · ☆32 · Sep 24, 2025 · Updated 6 months ago
- Two WinForms GUI tools for enumerating, searching, and exfiltrating data from M365 environments using application-level OAuth tokens · ☆155 · Mar 4, 2026 · Updated last month
- Cobalt Strike UDC2 implementation that provides a Slack C2 channel · ☆68 · Jan 5, 2026 · Updated 3 months ago
- EDR-Redir: a tool used to redirect the EDR's folder to another location. · ☆231 · Nov 6, 2025 · Updated 5 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal … · ☆94 · Jan 2, 2026 · Updated 3 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing. · ☆57 · Apr 14, 2025 · Updated 11 months ago
- Updated version of a long known self deletion technique to work with 24H2. · ☆61 · Jun 9, 2025 · Updated 9 months ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0. · ☆20 · Jul 8, 2022 · Updated 3 years ago
- NTLM HTTP relay tool with SOCKS proxy for browser session hijacking · ☆108 · Updated this week
- Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim. · ☆340 · Updated this week
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified … · ☆19 · May 8, 2025 · Updated 11 months ago
- Prevent in-process process termination by patching exit APIs · ☆65 · Nov 9, 2025 · Updated 4 months ago
- Cobalt Strike BOF · ☆43 · Dec 10, 2025 · Updated 3 months ago
- Bring your own Unwind Data Framework · ☆116 · Mar 15, 2026 · Updated 3 weeks ago
- Tool to enumerate privileged Scheduled Tasks on Remote Systems · ☆289 · Mar 29, 2026 · Updated last week
- Small utility script to notify via Slack about Hashcat's progress during a password cracking session · ☆10 · Mar 10, 2019 · Updated 7 years ago
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence · ☆63 · Jun 23, 2025 · Updated 9 months ago
- Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques · ☆112 · Dec 28, 2025 · Updated 3 months ago
- Reports on Driver, LSASS and other security services mitigations · ☆34 · Aug 18, 2025 · Updated 7 months ago
- Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading … · ☆150 · Feb 14, 2026 · Updated last month
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. · ☆39 · Aug 5, 2025 · Updated 8 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral movements, p… · ☆202 · Dec 30, 2025 · Updated 3 months ago
- ☆191 · Nov 13, 2025 · Updated 4 months ago
- Mythic C2 Agent written in x64 PIC C · ☆84 · Jan 29, 2025 · Updated last year
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory. · ☆129 · Jan 28, 2026 · Updated 2 months ago
- A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and sta… · ☆184 · Mar 15, 2026 · Updated 3 weeks ago
- ☆15 · Aug 27, 2020 · Updated 5 years ago