A Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within a Beacon process and use internal Beacon APIs. BOFs are a way to rapidly extend the Beac…

A Proof-of-Concept (POC) demonstration of Windows token impersonation techniques for educational and security research purposes.

open source port/reimplementation of the Cobalt Strike BOF Loader as is

A Beacon Object File (BOF) template for Visual Studio

Collection of beacon BOF written to learn windows and cobaltstrike

A book for Learning the Foundations of LLMs

Ai迷思录（应用与安全指南）

A Pin Tool for tracing API calls etc

PoC for Zerologon - all research credits go to Tom Tervoort of Secura

LSTAR - CobaltStrike 综合后渗透插件

Sleep obfuscation

A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process

Lsass dumper evading (all ?) EDR detection

Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.

The Windows Kernel Programming book samples

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

✅Browser ❌Cloudflare ✅Host — Generator of customized Cloudflare error pages (unofficial)

Indirect-Shellcode-Executor expoits the miss-configuration/vulnerability present on the API Windows method ReadProcessMemory discovered by DarkCoderSc. It exploits the nature of the in/out pointer …

A collection of various vulnerable (mostly physical memory exposing) drivers.

HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.

Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swapping without memory or assembly allocation.

BOF to run PE in Cobalt Strike Beacon without console creation

记录一些漏洞驱动，主要是学习Windows Kernel