CallStackMasker
Call Stack Spoofer
A proof-of-concept technique for dynamically spoofing an application's call stack using timers.
A PoC implementation for dynamically masking call stacks with timers.
256 stars
4 watching
34 forks
Language: C++
Last commit: almost 2 years ago

Related projects:

Repository | Description | Stars |
---|---|---|
boku7/spawn | A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection. | 440 |
burpheart/cs_mock | A tool to simulate a Cobalt Strike beacon connection packet by parsing the payload and extracting the RSA public key | 78 |
mgeeky/threadstackspoofer | An advanced in-memory evasion technique to hide injected shellcode's memory allocation from scanners and analysts. | 1,053 |
splunk/melting-cobalt | Tool to hunt and mine Cobalt Strike beacons from internet-connected services | 164 |
wkl-sec/malleable-cs-profiles | A collection of tools to generate and modify shellcode profiles to evade detection in Cobalt Strike | 384 |
cobalt-strike/unhook-bof | Removes API hooks from a malicious process | 54 |
eremit4/cs-discovery | Detects malicious servers in network traffic by analyzing encoded byte patterns | 20 |
nvisosecurity/cobaltwhispers | An aggressor script that allows Cobalt Strike to perform process injection and persistence by leveraging direct syscalls to bypass EDR/AV systems. | 229 |
b1tg/cobaltstrike-beacon-rust | A Cobalt Strike beacon implementation in Rust for creating malicious network connections | 180 |
huoji120/cobaltstrikedetected | Detects potential Cobalt Strike malware by analyzing memory allocation patterns during code execution | 272 |
nexusfuzzy/cobaltspam | A tool designed to send fake beacons to a CobaltStrike server as part of a defensive measure | 366 |
vysecurity/cobaltsplunk | A tool to collect, monitor and analyze Cobalt Strike logs in a Splunk environment | 85 |
passthehashbrowns/bofmask | A proof-of-concept project demonstrating how to mask Beacon's payload execution in Cobalt Strike while executing a user-provided BOF. | 110 |
3lp4tr0n/beaconhunter | A tool for detecting and responding to potential Cobalt Strike beacons using Event Tracing for Windows (ETW) | 482 |
s1ckb0y1337/cobalt-strike-cheatsheet | A comprehensive guide to Cobalt Strike's functionality and usage. | 989 |