Phantom is project created to perform loading and executing unmanaged code in memory within an IIS environment running in full‑trust mode. Instead of relying on file‑based approach, it uses reflective loading techniques to inject and run a unmanaged DLL inside the memory space of the w3wp.exe worker pool process
☆103Apr 27, 2026Updated last month
Alternatives and similar repositories for Phantom
Users that are interested in Phantom are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆84Apr 8, 2026Updated 2 months ago
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆83Mar 15, 2026Updated 2 months ago
- CVE-2025-59501 POC code☆26Nov 20, 2025Updated 6 months ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 9 months ago
- Nim implementation for sud0Ru's Credential Dumping from SAM/SECURITY Hives Method (a.k.a. SilentHarvest)☆105Apr 4, 2026Updated 2 months ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Pipeleek scans CI/CD logs and artifacts to detect leaked secrets and pivot from them☆19Updated this week
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆97Apr 9, 2026Updated last month
- rust port of pspy with support for process monitoring over dbus☆38Jan 4, 2026Updated 5 months ago
- Parses logs created by Cobalt Strike, Brute Ratel, OC2 and creates an SQLite DB which can be used to create custom reports.☆27Mar 18, 2026Updated 2 months ago
- 用于绕过杀软的加载器☆31Oct 13, 2025Updated 7 months ago
- Clipboard for Command and Control between VDI, RDP and Others on Windows☆52Dec 7, 2025Updated 6 months ago
- A Pentesters Confluence Keyword Scanner☆19Dec 3, 2024Updated last year
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆70Dec 25, 2025Updated 5 months ago
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11☆86Jan 26, 2026Updated 4 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆33Sep 24, 2025Updated 8 months ago
- ASPX Web Shell with COFF Loader☆130Mar 10, 2026Updated 2 months ago
- Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by …☆249Apr 16, 2026Updated last month
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆69Jan 5, 2026Updated 5 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆235May 23, 2026Updated 2 weeks ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated last year
- Updated version of a long known self deletion technique to work with 24H2.☆62Jun 9, 2025Updated 11 months ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆20Jul 8, 2022Updated 3 years ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆101Jan 2, 2026Updated 5 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Cobalt Strike BOF☆58Dec 10, 2025Updated 5 months ago
- Small utility script to notify via Slack about Hashcat's progress during a password cracking session☆10Mar 10, 2019Updated 7 years ago
- Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.☆394Updated this week
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence☆65Jun 23, 2025Updated 11 months ago
- Tool to enumerate privileged Scheduled Tasks on Remote Systems☆301Mar 29, 2026Updated 2 months ago
- Reports on Driver, LSASS and other security services mitigations☆35Aug 18, 2025Updated 9 months ago
- Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading …☆161Feb 14, 2026Updated 3 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆42Aug 5, 2025Updated 10 months ago
- Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques☆129Dec 28, 2025Updated 5 months ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆208Dec 30, 2025Updated 5 months ago
- 这是一款现代、高性能的跨平台 C2 架构系统。采用 Rust 编写受控端,Go 编写服务端,以及 Vue 3 极致轻量化 UI。深度融合 MCP 协议,开启 AI 自动化攻防新篇章。☆85Feb 28, 2026Updated 3 months ago
- Mythic C2 Agent written in x64 PIC C☆85Jan 29, 2025Updated last year
- ☆200Nov 13, 2025Updated 6 months ago
- Experimental and sneaky backdoor patch for OpenSSH Portable.☆25Dec 21, 2021Updated 4 years ago
- ☆15Aug 27, 2020Updated 5 years ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆137Jan 28, 2026Updated 4 months ago