Stars
This is the tool to dump the LSASS process on modern Windows 11
A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.
C++ Header only string obfuscator library using metaprogramming. Affine Cipher technique is used for encryption and decryption.
Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique
Prevent in-process process termination by patching exit APIs
LSASS Credential Dumper that utilizes the Windows API, in-memory RC4 encryption and Base64 encoding, and HTTPS exfiltration.
waldo-irc / GPUSleep
Forked from oXis/GPUSleep
Move CS beacon to GPU memory when sleeping