SQL powered operating system instrumentation, monitoring, and analytics.

High-level tracing language for Linux

Cloud Native Runtime Security

Linux system exploration and troubleshooting tool with first class support for containers

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Snort++

🔥Open source RASP solution

Fast and Lightweight Observability Data Collector

shellcodeloader

SuperDllHijack：A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术，不再需要手工导出Dll的函数接口了

Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具，它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码，帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。

CSLoader is a general purpose obfuscation and anti-virus tool based on a reimplementation of the llvm project obfuscator(https://github.com/obfuscator-llvm/obfuscator).

恶意代码逃逸源代码 http://payloads.online

captcha break based on opencv2, tesseract-ocr and some machine learning algorithm.

Support ALL Windows Version

Shellcode launcher utility

A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.

eBPF verifier based on abstract interpretation

Windows对抗沙箱和虚拟机的方法总结

Hades HIDS/HIPS for Windows

Bypassing NTFS permissions to read any files as unprivileged user.

Inject ELF into remote process

ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.

使得Cobaltstrike支持Atexec

Windows本地溢出EXP收集

Various utilities useful for developers writing BPF tools