Stars
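A collection of open-source demos written in Qt; more than 100 are planned, and they are continuously updated and improved. The code is concise, easy to understand and thoroughly commented, and each demo is an independent project, which makes them well suited to beginners. The code may be freely distributed and used; tips and donations are declined, and comments are welcome! WeChat official account: Qt实战/Qt入门和进阶/Qt教程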
A modern C++ network library for developing high performance network services in TCP/UDP/HTTP protocols.
Nidhogg is an all-in-one simple to use windows kernel rootkit.
library for importing functions from dlls in a hidden, reverse engineer unfriendly way
Collection of various malicious functionality to aid in malware development
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Malware Samples. Uploaded to GitHub for those who want to analyse the code. Code mostly from: http://www.malwaretech.com
A Header-Only cross-platform C++ TCP network library. We can use vcpkg (https://github.com/Microsoft/vcpkg/tree/master/ports/brynet) to install brynet.
Obfuscate specific windows apis with different apis
Header-only C++ network library, based on asio; supports tcp, udp, http, websocket, rpc, ssl, icmp, serial_port, socks5.
Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques.
Compile-time, Usermode + Kernelmode, safe and lightweight string crypter library for C++11+
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
A red team tool that assists in extracting/dumping master credentials and/or entries from different password managers.
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API
Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avo…
A library to develop kernel level Windows payloads for post HVCI era