Lists (12)
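AI rules the world
AI applied to network security
attack
App security
Root hiding, frida, unpacking, encryption/decryption...
c2
A new sandbox is now online
Cloud-native security
AV evasion
Loaders in various languages, templating, DLL loading, sandbox bypass, code obfuscation, exe-to-shellcode.....
Other
Miscellaneous
Credential data
Retrieving browser data, lsass credentials, WeChat databases, etc...
Post-exploitation
Comprehensive internal network scanning, privilege escalation, persistence, AD domains, etc...
Stars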
Modify machine code in binaries with alternative x64 assembly opcodes for AV evasion
A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability to obtain a copy of the SAM database.
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential validation.
Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively u…
Syscall BOF to arbitrarily add/detract process token privilege rights.
EDR & AV Bypass Arsenal — a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.
Advanced shellcode loader with AES-256, EDR/AMSI/ETW bypass, indirect syscalls, evasion, early-bird APC injection and PPID spoofing.
Modified versions of the Cobalt Strike Process Injection Kit
A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique
BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell
Robust Cobalt Strike shellcode loader with multiple advanced evasion features
Offensive security toolkit for Claude Code
An example UDC2 implementation for CrystalC2.
abusing windows toast notifications for fun and user manipulation
A BOF to interact with COM objects associated with the Windows software firewall.
Claude Code plugin for Java JAR security audit — a Claude Code security audit plugin based on jar-analyzer; builds a database, in-depth AI analysis
Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from silent in-process BOF to full PowerShell/WMI.