Lists (7)
C2 Repos: Repos related to open source C2 frameworks
Evasion Repos: All the repos related to EDR, AV and defense evasions
Malwares: All the source codes of famous malwares
My Projects: All projects that I've created
Phishing
Threat Hunting: All the tools and code related towards threat hunting
Windows Internals Repos: All the tools, notes and repos related towards Windows internals

Starred repositories
Deception implementation through analysis of BloodHound data
An automated phishing tool with 30+ templates. This tool is made for educational purposes only! The author will not be responsible for any misuse of this toolkit!
This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, C2 servers, backdoors, exploitation techniques, stage…
Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
C2 Infrastructure Automation
Indirect Syscall implementation to bypass userland NTAPIs hooking.
PhantomsGate: Advanced Shellcode Injection Technique
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4 (https://bruteratel.com/)
EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual.
A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
The Swiss army knife evasion tool that bypasses AMSI, AppLocker, and CLM mode simultaneously.
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…
ROP-based sleep obfuscation to evade memory scanners
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.
Source generator to add D/Invoke and indirect syscall methods to a C# project.
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...
Demonstration of Early Bird APC Injection - MITRE ID T1055.004
EternalHush - new free advanced open-source c2 framework
APT-Hunter is a Threat Hunting tool for Windows event logs, made with a purple team mindset, to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover su…