1. ThreadStackSpoofer by mgeeky
Overview: This tool demonstrates an advanced in-memory evasion technique that spoofs the thread call stack. It's designed to bypass thread-based memory examination rules, making it harder for analysts to detect injected shellcode within process memory.
- [ThreadStackSpoofer GitHub Repository]
2. CallStackSpoofer by WithSecureLabs
Overview: This proof-of-concept implementation demonstrates how to spoof arbitrary call stacks during system calls, such as NtOpenProcess. It's a more advanced technique that builds upon the concepts introduced in ThreadStackSpoofer.
- [CallStackSpoofer GitHub Repository]
3. Draugr by NtDallas
Overview: Draugr is a Cobalt Strike Beacon Object File (BOF) template that facilitates the creation of synthetic stack frames, effectively spoofing the call stack during execution. It utilizes gadgets from KERNELBASE.DLL to achieve this.
- [Draugr GitHub Repository]
4. LoudSunRun by susMdT
Overview: LoudSunRun is a technique that involves stack spoofing with synthetic frames. It calculates the total stack size of fake frames and adjusts stack arguments accordingly to obscure the true execution path.
- [LoudSunRun GitHub Repository]
5. BokuLoader by boku7
Overview: BokuLoader is a proof-of-concept Cobalt Strike Reflective Loader that aims to recreate, integrate, and enhance Cobalt Strike's evasion features. It combines various evasion techniques, including call stack spoofing, to achieve stealthy execution.
- [BokuLoader GitHub Repository]
https://dtsec.us/2023-09-15-StackSpoofin/
#Loader #callstack