luom's Stars
tanakh/cmdline
A Command Line Parser
444A49/minifindings
A journal on how to disable NFZ, force FCC permanently and mute the RC on the Mavic Mini (WM160)
b0bac/GetMail
Read Exchange mail using an NTLM hash
thefLink/DeepSleep
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
eladshamir/RPC-Backdoor
A basic emulation of an "RPC Backdoor"
Henkru/cs-token-vault
In-memory token vault BOF for Cobalt Strike
fortra/CreateProcess
A small PoC that creates processes in Windows
Barracudach/CallStack-Spoofer
This tool will allow you to spoof the return addresses of your functions as well as system functions.
blackorbird/APT_REPORT
Interesting APT Report Collection And Some Special IOC
boku7/injectEtwBypass
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
boku7/injectAmsiBypass
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
h0ffy/cr1m3
Educational open source trojan skeleton by JennyLab
jthuraisamy/TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
w1u0u1/kt
Kernel file/process/object tool
w1u0u1/minidump
Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemory.
w1u0u1/NanoCore
NanoCore rat stub source code
zijie0/HumanSystemOptimization
Stay healthy and keep learning to 150 - an incomplete guide to tuning the human system
m3rcer/Chisel-Strike
A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
Wh04m1001/DFSCoerce
e-ago/bitcracker
BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker
roman-miniailov/BitlockerManager
Bitlocker manager for .Net Framework
tezc/sc
Common libraries and data structures for C.
spcnvdr/xchacha20
A small C library for the XChaCha20 stream cipher
nettitude/SharpWSUS
abbodi1406/vcredist
AIO Repack for latest Microsoft Visual C++ Redistributable Runtimes
ajpc500/BOFs
Collection of Beacon Object Files
mgeeky/ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that better hides injected shellcode's memory allocation from scanners and analysts.
mgeeky/ShellcodeFluctuation
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
XaFF-XaFF/Cronos-Rootkit
Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, and to protect and elevate them with token manipulation.
v-p-b/avpwn
List of real-world threats against endpoint protection software