Phantom is project created to perform loading and executing unmanaged code in memory within an IIS environment running in full‑trust mode. Instead of relying on file‑based approach, it uses reflective loading techniques to inject and run a unmanaged DLL inside the memory space of the w3wp.exe worker pool process
☆103Apr 27, 2026Updated 3 weeks ago
Alternatives and similar repositories for Phantom
Users that are interested in Phantom are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆82Apr 8, 2026Updated last month
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆83Mar 15, 2026Updated 2 months ago
- CVE-2025-59501 POC code☆26Nov 20, 2025Updated 5 months ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 8 months ago
- Nim implementation for sud0Ru's Credential Dumping from SAM/SECURITY Hives Method (a.k.a. SilentHarvest)☆105Apr 4, 2026Updated last month
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Pipeleek scans CI/CD logs and artifacts to detect leaked secrets and pivot from them☆19Updated this week
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆95Apr 9, 2026Updated last month
- rust port of pspy with support for process monitoring over dbus☆37Jan 4, 2026Updated 4 months ago
- Parses logs created by Cobalt Strike, Brute Ratel, OC2 and creates an SQLite DB which can be used to create custom reports.☆27Mar 18, 2026Updated 2 months ago
- 用于绕过杀软的加载器☆31Oct 13, 2025Updated 7 months ago
- Clipboard for Command and Control between VDI, RDP and Others on Windows☆52Dec 7, 2025Updated 5 months ago
- A Pentesters Confluence Keyword Scanner☆17Dec 3, 2024Updated last year
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆68Dec 25, 2025Updated 4 months ago
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11☆86Jan 26, 2026Updated 3 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ASPX Web Shell with COFF Loader☆129Mar 10, 2026Updated 2 months ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆33Sep 24, 2025Updated 7 months ago
- Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by …☆228Apr 16, 2026Updated last month
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆69Jan 5, 2026Updated 4 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆234Nov 6, 2025Updated 6 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated last year
- Updated version of a long known self deletion technique to work with 24H2.☆62Jun 9, 2025Updated 11 months ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆20Jul 8, 2022Updated 3 years ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆96Jan 2, 2026Updated 4 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Cobalt Strike BOF☆56Dec 10, 2025Updated 5 months ago
- 这是一款现代、高性能的跨平台 C2 架构系统。采用 Rust 编写受控端,Go 编写服务端,以及 Vue 3 极致轻量化 UI。深度融合 MCP 协议,开启 AI 自动化攻防新篇章。☆79Feb 28, 2026Updated 2 months ago
- Small utility script to notify via Slack about Hashcat's progress during a password cracking session☆10Mar 10, 2019Updated 7 years ago
- Tool to enumerate privileged Scheduled Tasks on Remote Systems☆297Mar 29, 2026Updated last month
- Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.☆390May 12, 2026Updated last week
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence☆64Jun 23, 2025Updated 10 months ago
- Reports on Driver, LSASS and other security services mitigations☆35Aug 18, 2025Updated 9 months ago
- Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading …☆161Feb 14, 2026Updated 3 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆41Aug 5, 2025Updated 9 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques☆128Dec 28, 2025Updated 4 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆206Dec 30, 2025Updated 4 months ago
- Mythic C2 Agent written in x64 PIC C☆87Jan 29, 2025Updated last year
- ☆198Nov 13, 2025Updated 6 months ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆134Jan 28, 2026Updated 3 months ago
- Experimental and sneaky backdoor patch for OpenSSH Portable.☆26Dec 21, 2021Updated 4 years ago
- ☆15Aug 27, 2020Updated 5 years ago