This is your work, valued
CallstackSpoofingPOC. C++ self-Injecting dropper based on various EDR evasion techniques.
442Remote-BOF-Runner. Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
102PICO-Implant. PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This project demonstrates that It's possible to build a multi-stage and modular C2 implant made of PICOs.
56Self-Cleaning-PICO-Loader. Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload execution.
55LibWinHttp. LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to facilitate the development of PICO modules that require HTTP/HTTPS transport layer communication.
45LibPicoManager. LibPicoManager is a unified PICO management framework that provides centralized control over PICOs in memory, enabling dynamic code loading, runtime PICO substitution, and advanced evasion techniques like sleep masking through a single RWX code block.
43LibIPC. LibIPC is a simple Crystal Palace shared library for inter-process communication, based on Named Pipes.
29Inception. ROP gadget-based sleep obfuscation technique
13GadgetInspector. Gadget-based Callstack Spoofing Detector.
13SSN_Finder. Custom implementation of the HellsGate algorithm for SSN search.
8TCG_Loaders. Proof-of-concept repository for custom loaders built on the Crystal Palace framework.
2socks_proxy. socks5 proxy server in C
1HTML2PDF_Vulnerable. Web vulnerable a SSRF mediante la generación de PDFs.
1