- USSR
Lists (28)
AI&LLM&AGENTS&MCP
Android
Awesome
BlueTeam
C2
hahaCons
CVE
Desktop
*DR
etw-windows
IM
IOS
IOT
JAVA
Kernel Driver
Linux Kernel
LLVM
MACOS
OPS
Phone
Python
RedTeam
Rootkit & Bootkit
hhRouter
Rust
Shellcode
Tools
VM
Starred repositories
Another new coercion primitive with LPE 0day - machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin resolution experiments
DCOM in-memory and fileless lateral movement techniques through .NET deserialization
dump of artwork, logos, and other images related to the hacker's choice <thc.org> @hackerschoice, a security research group founded in 1995 by @vanhauser-thc
This is a collection of proof-of-concept exploits for various targets.
This repository contains the research tool presented at x33fcon 2026, along with the associated presentation slides. The content is made available for research and educational purposes.
Windows security research toolkit for LPE, persistence, COM hijacking, and attack surface enumeration.
Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 29 vulnerability techniques)
Nginx RCE chain PoC with CVE-2026-9256 and CVE-2026-42945
EDRUnChoker - fileless WMI defense that removes EDRChoker QoS throttling policies
A tool that uses the QoS Policy (Pacer.sys) to throttle Endpoint Detection and Response (EDR) agents from connecting to the server.
Il2CppDumper fork with a native Rust PDB generator for x64 PE (GameAssembly.dll): function names, full struct types and typed prototypes, auto-loaded by IDA.
A Mandelbrot set generator softcore on FPGA.
Open-source passive reconnaissance and attack surface exploration tool that leverages VirusTotal and the Wayback Machine to discover subdomains, URLs, archived web assets, and potential exposure fi…
Automated proxy DLL generator for DLL hijacking
A Ghidra agentic reverse engineering skill.
Azure RedOps is an offensive security toolkit for assessing the security posture of Microsoft Entra ID
VMProtect 3.5+ dynamic import resolver
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
An IDA Pro / Hex-Rays plugin that turns noisy pseudocode into reviewable, kernel-aware cleanup artifacts
Different tools for Microsoft Hyper-V researching
Riot Vanguard streamed module to PE converter. Resolves hashed imports, reconstructs sections, and writes valid DLLs from RITO format binaries.
[ICML 2021] DouZero: Mastering DouDizhu with Self-Play Deep Reinforcement Learning | DouDizhu AI