Starred repositories
Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC
A fake AMSI Provider which can be used for persistence.
Nasha is a Virtual Machine for .NET files and its runtime was made in C++/CLI
Injects shellcode into remote processes using direct syscalls
💉 A Windows dynamic-link library injection tool written in C++20. It can inject a dynamic-link library into a running process by its window title or create a new process with an injection. (Using C++20…
Documentation, gerbers, design and schematic.
PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel.
Advanced Keylogger / Info Grabber written in C++.
Append custom data to a signed PE file without destroying its signed status.
A program that sends a lot of fake ARP packets to the router. This may kick everyone out of the network!
Inject dll to explorer.exe and hide file from process.
Applying some AV evasion techniques on a Metasploit reverse shell
RDP THIEF - inject dll to remote desktop process (mstsc.exe) and steal user credentials.
A small tool to patch PE files' import address table with an external payload DLL.