SilentChrome-BOF is a BOF (Beacon Object File) that silently installs a browser extension into Chrome or Edge by modifying the Preferences and Secure Preferences files directly.

claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a s…

Shellcode loader

Modify machine code in binaries with alternative x64 assembly opcodes for AV evasion

DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.

A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.

High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential validation.

Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively u…

Syscall BOF to arbitrarily add/detract process token privilege rights.

EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.

Advanced shellcode loader with AES-256, EDR/AMSI/ETW bypass, indirect syscalls, evasion, early-bird APC injection and PPID spoofing.

Modified versions of the Cobalt Strike Process Injection Kit

A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique

C++ version of the most known GodPotato

BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell

Active Directory Vulnerability Scanner

Robust Cobalt Strike shellcode loader with multiple advanced evasion features

【JHeart 权限维持BOF】：一键扫描上线主机“白加黑”维权点

Offensive security toolkit for Claude Code

COM-based DLL Surrogate Injection

An example UDC2 implementation for CrystalC2.

abusing windows toast notifications for fun and user manipulation

A BOF to interact with COM objects associated with the Windows software firewall.

Claude Code plugin for Java JAR security audit — 基于 jar-analyzer 的 Claude Code 安全审计插件，构建数据库，AI 深入分析

Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from silent in-process BOF to full PowerShell/WMI.