EternalBlue suite remade in C/C++ which includes: MS17-010 Exploit, EternalBlue vulnerability detector, DoublePulsar detector and DoublePulsar Shellcode & DLL uploader

A Claude Code plugin that shows what's happening - context usage, active tools, running agents, and todo progress

DCOM in memory and fileless lateral movement techniques through .Net deserilization

This is NOT a third-party Claude Code client. ClawGod is a runtime patch applied on top of the official Claude Code. It works with any version — as Claude Code updates, the patch continues to take …

Zipline, a Pythonic Algorithmic Trading Library

COM Windows Persistence Technique

AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to…

RoguePlanet Windows Defender Vulnerability

PoC for covert persistence via Windows Push Task Scheduler (WPTaskScheduler) RPC interface — invisible to schtasks, Get-ScheduledTask, and all standard enumeration tools. 利用 Windows Push Task Sched…

Windows 7 API Extensions

Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by surgically patching SeCiCallbacks via native subsystem. Inclu…

claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a s…

Fix X/Twitter and Bluesky embeds! Use multiple images, videos, polls, translations and more on Discord, Telegram and others

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle..

Cockpit is a web-based graphical interface for servers.

Toolbox for everyone

Modular User-Defined Reflective Loader (UDRL) built on Crystal Palace for controlled DLL execution and evasion research.

AdaptixC2 default beacon agent extended to support Crystal Palace loaders.

Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks.

How GitHub Actions workflows can be hacked

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)

GitHub Actions Cache Native Malware - for Educational and Research Purposes only.

This project is aimed at freely providing technical guides on various hacking topics.

A little tool to play with Windows security

Static devirtualizer for VMProtect 3.0-3.5. Lifts virtualized code to LLVM using Remill and strips the VM layer through optimization.

CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)

Scalable fuzzing infrastructure.

The easiest way to run WireGuard VPN + Web-based Admin UI.