The PHP Interpreter

UNIX-like reverse engineering framework and command-line toolset

BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

A little tool to play with Windows security

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Jailbreak for A8 through A11, T2 devices, on iOS/iPadOS/tvOS 15.0, bridgeOS 5.0 and higher.

Small portable AES128/192/256 in C

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

eBPF Developer Tutorial: Learning eBPF Step by Step with Examples

the TCPdump network dissector

Automated upstream mirror for libbpf stand-alone build.

generate CobaltStrike's cross-platform payload

chroot, mount --bind, and binfmt_misc without privilege/setup for Linux

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.

bpf 学习仓库

Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

基于eBPF的堆栈追踪工具

Windows and Cygwin port of proxychains, based on MinHook and DLL Injection

Patching and hooking the Linux kernel with only a stripped Linux kernel image.

Code snippets from the O'Reilly book

Dopamine is a semi-untethered jailbreak for iOS 15 and 16

助力每一位RT队员，快速生成免杀木马

Detect Frida for Android

新版MT去签及对抗

安卓内核提权漏洞分析

A couple of methods for detecting Frida on Android.

整理一些app常见的加固方法，包括java层、native层和资源文件加固等