Exploit allowing you to read registry hives as non-admin on Windows 10 and 11

Recover the default privilege set of a LOCAL/NETWORK SERVICE account

Enumerating and removing kernel callbacks using signed vulnerable drivers

NTLM relaying for Windows made easy

dll injection tool that implements various methods

A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.

Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).

This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp, socket)

Important notes and topics on my journey towards mastering Windows Internals

Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.

Evasive shellcode loader

elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative

This repo contains my custom scripts for Penetration Testing and Red Team Assessments. I will keep on updating this repo as and when I get time.

Process injection alternative

A PoC for Mhyprot2.sys vulnerable driver that allowing read/write memory in kernel/user via unprivileged user process.

Cross compile source code easily for Windows with clang on Linux/Unix

A simple tool for merging DLLs into executables with PEB-invisible mapping.

RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++

Extract C2 Traffic

Extracting NetNTLM without touching lsass.exe

SCAP Scanner And Tailoring Graphical User Interface

POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY

Bypass UAC by hijacking a DLL located in the Native Image Cache

Collection of random RedTeam scripts.