Stars
Orchestrate detonating your MalDev in VMs with different EDRs to see their detection surface.
Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2
Nidhogg is an all-in-one, simple-to-use Windows kernel rootkit.
kernel callback removal (Bypassing EDR Detections)
Achieve arbitrary kernel reads/writes/function calls in Hypervisor-Protected Code Integrity (HVCI) protected environments without admin permissions or kernel drivers.
A library to develop kernel level Windows payloads for post HVCI era
A Beacon Object File for decrypting Chrome App-Bound Encryption masterkeys in-memory via Cobalt Strike
Version: 2.0 Date Published: 3/23/2006. The Shared Source CLI is a compressed archive of the source code to a working implementation of the ECMA CLI and the ECMA C# language specification. This imp…
Appends arbitrary data to a PE file without breaking the digital signature of the file, implemented in Python 3.
Abuse Azure API permissions for red teaming
Single header version of System Informer's phnt library.
UC8151 / IL0373 MicroPython e-paper display driver with support for greyscales and fast updates
MicroPython drivers for Waveshare e-paper modules
Hide your PowerShell script in plain sight. Bypass all PowerShell security features.
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
A small shellcode loader library written in C#
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
OpSec-safe PowerShell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup.
List the ETW provider(s) in the registration table of a process.