Stars
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
A post exploitation framework designed to operate covertly on heavily monitored environments
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
CTF Archives: Collection of CTF Challenges.
Loads any C# binary in mem, patching AMSI + ETW.
Cobalt Strike random C2 Profile generator
This is the tool to dump the LSASS process on modern Windows 11
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.
SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version fo…
Venom C2 is a dependency-free Python3 Command & Control framework for redteam persistence
A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations.
Replace the .txt section of the current loaded modules from \KnownDlls\
An attack-and-defense confrontation tool for separating PE files, a good helper for red teams and researchers. It currently supports file header spoofing and certificate section infection.
RunPE implementation with multiple evasive techniques (2)
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
C++ Header only string obfuscator library using metaprogramming. Affine Cipher technique is used for encryption and decryption.
Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)