Phantom is project created to perform loading and executing unmanaged code in memory within an IIS environment running in full‑trust mode. Instead of relying on file‑based approach, it uses reflective loading techniques to inject and run a unmanaged DLL inside the memory space of the w3wp.exe worker pool process
☆107Jun 5, 2026Updated 3 weeks ago
Alternatives and similar repositories for Phantom
Users that are interested in Phantom are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆84Apr 8, 2026Updated 2 months ago
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆85Mar 15, 2026Updated 3 months ago
- CVE-2025-59501 POC code☆26Nov 20, 2025Updated 7 months ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 9 months ago
- Nim implementation for sud0Ru's Credential Dumping from SAM/SECURITY Hives Method (a.k.a. SilentHarvest)☆106Apr 4, 2026Updated 2 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Pipeleek scans CI/CD logs and artifacts to detect leaked secrets and pivot from them☆20Updated this week
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆98Apr 9, 2026Updated 2 months ago
- rust port of pspy with support for process monitoring over dbus☆38Jan 4, 2026Updated 5 months ago
- Parses logs created by Cobalt Strike, Brute Ratel, OC2 and creates an SQLite DB which can be used to create custom reports.☆31Mar 18, 2026Updated 3 months ago
- 用于绕过杀软的加载器☆30Oct 13, 2025Updated 8 months ago
- Clipboard for Command and Control between VDI, RDP and Others on Windows☆52Dec 7, 2025Updated 6 months ago
- A Pentesters Confluence Keyword Scanner☆21Dec 3, 2024Updated last year
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆71Dec 25, 2025Updated 6 months ago
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11☆86Jan 26, 2026Updated 5 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Windows security research toolkit for LPE, persistence, COM hijacking, and attack surface enumeration.☆186Jun 13, 2026Updated 2 weeks ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆33Sep 24, 2025Updated 9 months ago
- ASPX Web Shell with COFF Loader☆132Mar 10, 2026Updated 3 months ago
- Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by …☆266Apr 16, 2026Updated 2 months ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆69Jan 5, 2026Updated 5 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆238May 23, 2026Updated last month
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated last year
- Updated version of a long known self deletion technique to work with 24H2.☆62Jun 9, 2025Updated last year
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆20Jul 8, 2022Updated 3 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆102Jan 2, 2026Updated 5 months ago
- Cobalt Strike BOF☆58Dec 10, 2025Updated 6 months ago
- Small utility script to notify via Slack about Hashcat's progress during a password cracking session☆10Mar 10, 2019Updated 7 years ago
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence☆65Jun 23, 2025Updated last year
- Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.☆401Updated this week
- Tool to enumerate privileged Scheduled Tasks on Remote Systems☆306Mar 29, 2026Updated 2 months ago
- Reports on Driver, LSASS and other security services mitigations☆35Aug 18, 2025Updated 10 months ago
- Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading …☆165Feb 14, 2026Updated 4 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆42Aug 5, 2025Updated 10 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques☆130Dec 28, 2025Updated 6 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆210Dec 30, 2025Updated 5 months ago
- 这是一款现代、高性能的跨平台 C2 架构系统。采用 Rust 编写受控端,Go 编写服务端,以及 Vue 3 极致轻量化 UI�。深度融合 MCP 协议,开启 AI 自动化攻防新篇章。☆87Feb 28, 2026Updated 4 months ago
- Mythic C2 Agent written in x64 PIC C☆85Jan 29, 2025Updated last year
- ☆200Nov 13, 2025Updated 7 months ago
- Experimental and sneaky backdoor patch for OpenSSH Portable.☆25Dec 21, 2021Updated 4 years ago
- ☆15Aug 27, 2020Updated 5 years ago