Stars
SharpSploit is a .NET post-exploitation library written in C#
A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
Proof-of-concept Windows driver for injecting a DLL into user-mode processes using APC
Elevate arbitrary MSR writes to kernel execution.
Windows 11 24H2-25H2 Runtime PatchGuard Bypass
BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055, CVE-2026-3609, CVE-2026-8501).
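CVE-2023-38831 is a zero-day WinRAR vulnerability that lets attackers disguise malicious files in archives, tricking users into executing harmful content.
ChromeDebugLnk is a Windows tool written in Go that modifies browser shortcuts on the desktop, on the taskbar or in a user-specified path (Chrome, Edge and Opera are supported) to enable remote debugging mode. The tool must be run with administrator privileges (UAC) to bypass restrictions imposed by security software such as 360 Safeguard, allowing shortcut properties to be modified seamlessly. It also offers a way, by modifying the Windows registry, to restrict the Chrome browser's …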
The Linux port of the Sysinternals Sysmon tool.
LuLu is the free open-source macOS firewall
A tool for quickly evaluating IAM permissions in AWS.
A customizable Java in-memory webshell generation tool.
An AWS IAM Privilege Escalation Path Library
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
A utility to convert your AWS CLI credentials into AWS console access.
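Cloud security exploitation tool: a web-based tool for cloud platform AK/SK that automatically detects resources once an AK/SK is added, with no manual execution needed; supports cloud server, storage bucket and database operations.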
Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
Cross-platform filesystem notifications for Go.
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows