Lists (29)
AI
app
burp plugins
bypassAV
cs plugins
FOFA
javasec
javastudy
secMCP
POC&EXP
proxy
scan
asset scanning secnote
tools
ui
cloud penetration testing
code audit
forensics
post-exploitation tools
domain
learning materials
Android
incident response
privilege escalation
interesting projects
persistence
internet censorship circumvention
decryption
phishing
Stars
A little tool to play with Windows security
Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
Kyanos is a networking analysis tool using eBPF. It can visualize the time packets spend in the kernel and capture requests/responses, making troubleshooting more efficient.
Dopamine is a semi-untethered jailbreak for iOS 15 and 16
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes, etc.
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Situational Awareness commands implemented using Beacon Object Files
Macro-header for compile-time C obfuscation (tcc, win x86/x64)
LSASS memory dumper using direct system calls and API unhooking.
Stealthy Linux Kernel Rootkit for modern kernels (6x)
Bypass Chromium's App-Bound Encryption via Direct Syscall-based Reflective Process Hollowing. Extract cookies, passwords, payment methods & tokens from Chrome, Edge, Brave & Avast - fileless, user-…
Dump cookies and credentials directly from Chrome/Edge process memory
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Research code & papers from members of vx-underground.
A memory-based evasion technique which makes shellcode invisible from process start to end.
A root exploit for CVE-2022-0847 (Dirty Pipe)
A protective and Low Level Shellcode Loader that defeats modern EDR systems.
A collection of my Semgrep rules to facilitate vulnerability research.
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…