Ducknobee's Stars
owasp-modsecurity/ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
apernet/OpenGFW
OpenGFW is a flexible, easy-to-use, open source implementation of GFW (Great Firewall of China) on Linux
BlackINT3/none
UNONE and KNONE are a pair of open source base libraries that make it easy to develop software on Windows.
TideSec/BypassAntiVirus
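A series of articles on AV evasion for remote-control tools, with accompanying tools. It collects and tests dozens of AV-evasion tools found on the internet, 113 whitelist-based evasion methods, 8 code-compilation evasion methods, and several practical evasion techniques, testing the evasion effectiveness of each one, to provide a reference for remote-control AV evasion and for countering antivirus software.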
nek0YanSu/CheckVM-Sandbox
source code
ZanderChang/anti-sandbox
A summary of methods for countering sandboxes and virtual machines on Windows
vvmdx/Sec-Interview-4-2023
Security-role interview questions and interview experience, collected and continuously updated by a 2023 graduate before graduation~
Ne0nd0g/merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
emilyanncr/Windows-Post-Exploitation
Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test. Contributions are appreciated. Enjoy!
BishopFox/sliver
Adversary Emulation Framework
n1nj4sec/pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
xinyugit/KmdManager
driver loader tool
mgeeky/ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
CCob/ThreadlessInject
Threadless Process Injection using remote function hooking.
qi4L/Unhooker-go
EDR bypass demo
Airboi/bypass-av-note
A hodgepodge of AV-evasion techniques --- wild punches still can't beat the old master
skyw4tch3r/RootKits-List-Download
This is the list of all rootkits found so far on github and other sites.
ciyze0101/Windows-Rootkits
gtworek/Priv2Admin
Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
SaadAhla/HeapCrypt
Encrypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap
HavocFramework/Havoc
The Havoc Framework.
itm4n/PrintSpoofer
Abusing impersonation privileges through the "Printer Bug"
TheWover/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
S3cur3Th1sSh1t/MultiPotato
jthuraisamy/SysWhispers
AV/EDR evasion via direct system calls.
jthuraisamy/SysWhispers2
AV/EDR evasion via direct system calls.
med0x2e/ExecuteAssembly
Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs (hash).
makoto56/penetration-suite-toolkit
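This project was created to help penetration-testing beginners quickly set up a working environment; to do a good job, one must first sharpen one's tools.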
tib36/PhishingBook
Red team vs. blue team: phishing exercise resource collection & memo
alphaSeclab/awesome-rat
RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.