Phantom is project created to perform loading and executing .NET assemblies directly in memory within an IIS environment running in full‑trust mode. Instead of relying on file‑based approach, it uses reflective loading techniques to inject and run a DLL inside the memory space of the w3wp.exe worker pool process
☆68Mar 10, 2026Updated last week
Alternatives and similar repositories for Phantom
Users that are interested in Phantom are comparing it to the libraries listed below
Sorting:
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆64Dec 25, 2025Updated 2 months ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆32Sep 24, 2025Updated 5 months ago
- Small utility script to notify via Slack about Hashcat's progress during a password cracking session☆10Mar 10, 2019Updated 7 years ago
- CVE-2025-59501 POC code☆25Nov 20, 2025Updated 3 months ago
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence☆63Jun 23, 2025Updated 8 months ago
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11☆84Jan 26, 2026Updated last month
- A multi-platform CI/CD vulnerability detection and attack automation tool for identifying security weaknesses in pipeline configurations.☆55Updated this week
- Cobalt Strike BOF☆43Dec 10, 2025Updated 3 months ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 6 months ago
- ☆17Nov 15, 2022Updated 3 years ago
- ☆63May 31, 2024Updated last year
- Updated version of a long known self deletion technique to work with 24H2.☆61Jun 9, 2025Updated 9 months ago
- Parses logs created by Cobalt Strike or Brute Ratel and creates an SQLite DB which can be used to create custom reports.☆24Jan 15, 2026Updated 2 months ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆20Jul 8, 2022Updated 3 years ago
- A TUI for Active Directory collection.☆129Updated this week
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆200Dec 30, 2025Updated 2 months ago
- MacOS Shared Library to Shellcode Loader☆60Feb 23, 2026Updated 3 weeks ago
- An (WIP) EDR Evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.☆21Dec 15, 2024Updated last year
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆91Jan 2, 2026Updated 2 months ago
- Mythic C2 Agent written in x64 PIC C☆84Jan 29, 2025Updated last year
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆65Jan 5, 2026Updated 2 months ago
- rust port of pspy with support for process monitoring over dbus☆36Jan 4, 2026Updated 2 months ago
- Backend for Nuclear Pond☆21Dec 7, 2023Updated 2 years ago
- A tool to calculate big numbers, perform hashing and encodings.☆19May 29, 2017Updated 8 years ago
- Golang search engine scraper intended for identification of published ClickOnce deployments☆92Nov 19, 2024Updated last year
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 11 months ago
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- 这是一个从黑暗搜索引擎 搜索查找存在此反序列化漏洞 的批量检测脚本☆11Feb 23, 2023Updated 3 years ago
- Reports on Driver, LSASS and other security services mitigations☆34Aug 18, 2025Updated 7 months ago
- Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading …☆144Feb 14, 2026Updated last month
- A Large Action Model designed to operate on MacOS or Windows which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or B…☆26Feb 29, 2024Updated 2 years ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆37Aug 5, 2025Updated 7 months ago
- C# utility that uses WMI to run "cmd.exe /c netstat -n", save the output to a file, then use SMB to read and delete the file remotely☆38Jan 3, 2020Updated 6 years ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆129Jan 28, 2026Updated last month
- ☆110Feb 17, 2025Updated last year
- POC code to crash Windows Event Logger Service☆27Oct 16, 2020Updated 5 years ago
- This repo contains useful scripts that AI created for me which I would have been too lazy for☆93Feb 22, 2026Updated 3 weeks ago
- Card calculator and Proxmark3 Plugin for writing and/or simulating every card type that Doppelgänger Community, Pro, Stealth, and MFAS su…☆27Dec 19, 2025Updated 2 months ago
- Python script to compress VBA macro files☆24Feb 2, 2023Updated 3 years ago