Phantom is project created to perform loading and executing .NET assemblies directly in memory within an IIS environment running in full‑trust mode. Instead of relying on file‑based approach, it uses reflective loading techniques to inject and run a DLL inside the memory space of the w3wp.exe worker pool process
☆103Mar 10, 2026Updated last month
Alternatives and similar repositories for Phantom
Users that are interested in Phantom are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆77Apr 8, 2026Updated 2 weeks ago
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆76Mar 15, 2026Updated last month
- CVE-2025-59501 POC code☆26Nov 20, 2025Updated 5 months ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 7 months ago
- Nim implementation for sud0Ru's Credential Dumping from SAM/SECURITY Hives Method (a.k.a. SilentHarvest)☆101Apr 4, 2026Updated 3 weeks ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Pipeleek scans CI/CD logs and artifacts to detect leaked secrets and pivot from them☆19Updated this week
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆89Apr 9, 2026Updated 2 weeks ago
- rust port of pspy with support for process monitoring over dbus☆37Jan 4, 2026Updated 3 months ago
- Parses logs created by Cobalt Strike, Brute Ratel, OC2 and creates an SQLite DB which can be used to create custom reports.☆27Mar 18, 2026Updated last month
- 用于绕过杀软的加载器☆31Oct 13, 2025Updated 6 months ago
- Clipboard for Command and Control between VDI, RDP and Others on Windows☆52Dec 7, 2025Updated 4 months ago
- A Pentesters Confluence Keyword Scanner☆17Dec 3, 2024Updated last year
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆68Dec 25, 2025Updated 4 months ago
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11☆86Jan 26, 2026Updated 3 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ASPX Web Shell with COFF Loader☆129Mar 10, 2026Updated last month
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆33Sep 24, 2025Updated 7 months ago
- Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by …☆212Apr 16, 2026Updated last week
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆69Jan 5, 2026Updated 3 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆232Nov 6, 2025Updated 5 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated last year
- Updated version of a long known self deletion technique to work with 24H2.☆62Jun 9, 2025Updated 10 months ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆20Jul 8, 2022Updated 3 years ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆96Jan 2, 2026Updated 3 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- 这是一款现代、高性能的跨平台 C2 架构系统。采用 Rust 编写受控端,Go 编写服务端,以及 Vue 3 极致轻量化 UI。深度融合 MCP 协议,开启 AI 自动化攻防新篇章。☆75Feb 28, 2026Updated 2 months ago
- Cobalt Strike BOF☆55Dec 10, 2025Updated 4 months ago
- Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.☆376Updated this week
- Small utility script to notify via Slack about Hashcat's progress during a password cracking session☆10Mar 10, 2019Updated 7 years ago
- Tool to enumerate privileged Scheduled Tasks on Remote Systems☆294Mar 29, 2026Updated 3 weeks ago
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence☆64Jun 23, 2025Updated 10 months ago
- Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques☆113Dec 28, 2025Updated 4 months ago
- Reports on Driver, LSASS and other security services mitigations☆34Aug 18, 2025Updated 8 months ago
- Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading …☆159Feb 14, 2026Updated 2 months ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆41Aug 5, 2025Updated 8 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆204Dec 30, 2025Updated 3 months ago
- Mythic C2 Agent written in x64 PIC C☆87Jan 29, 2025Updated last year
- ☆195Nov 13, 2025Updated 5 months ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆133Jan 28, 2026Updated 3 months ago
- Experimental and sneaky backdoor patch for OpenSSH Portable.☆26Dec 21, 2021Updated 4 years ago
- ☆15Aug 27, 2020Updated 5 years ago