A lightweight DLL patching framework using auto-detected post-init call-sites and unused .text regions for low-overhead execution redirection.

COM Hijacking VOODOO

Memshell

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (Draugr)

Situational Awareness commands implemented using Beacon Object Files

Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption

Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

The swiss army knife of LSASS dumping

Local privilege escalation PoC exploit for CVE-2019-16098

BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055, CVE-2026-3609, CVE-2026-8501).

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Malformed ZIP archive that evades antivirus detection by declaring Method=0 (stored) while containing DEFLATE-compressed payload.

Tiny SHell - An open-source UNIX backdoor (I'm not the author!)

Say "yes" to IDA Pro MCP but not always

Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis. 51 rules mapped to OWASP Agentic Top 10 (2026). Works with LangChain, CrewAI, AutoGen.

Predict.fun market maker + arbitrage bot with desktop console

real time face swap and one-click video deepfake with only a single image

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

使用硅基流动API自动挖掘固件漏洞的工具

使用skill让 AI Agent 像安全分析师一样分析恶意样本 | AI Agent skill for automated malware analysis using IDA Pro

iOS <=26.0.1 DarkSword Kernel Exploit reimplemented in Objective-C

Claude Code 免杀 SubAgents

Rust SSH client & server library

Decompiler, deminifier and deobfuscator for Bun-compiled standalone JavaScript binaries

One‑click OpenClaw SSH tunnel + Web UI starter. No terminal needed. Every day Use.

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

A framework for efficient model inference with omni-modality models