Live ETW-TI event viewer for Windows kernel threat-intelligence telemetry. Research tool for exploring the same signals commercial EDRs rely on.

A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.

The Red Sun vulnerability repository

Modular User-Defined Reflective Loader (UDRL) built on Crystal Palace for controlled DLL execution and evasion research.

Object file loader implemented as a post-ex DLL for asynchronous BOF execution.

Ground Station is all-in-one satellite monitoring suite

A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique

Automatic terminal session logging for Bash and Zsh. Captures every command, prompt, and output in real time, with per-session files, replay support, and optional cloud sync. Ideal for security exa…

The Mullvad VPN client app for desktop and mobile

Reattempt of BlueHammer disclosed in April 2026

usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. the main focus of this project is to p…

The agent that grows with you

Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2.

LLM Frontend for Power Users.

A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself

Repository hosting the bluehammer vulnerability

BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell

Manipulation of Toast Notifications to social engineer the user to visit links, harvest credentials etc.

A collection of DESIGN.md files inspired by popular brand design systems. Drop one into your project and let coding agents generate a matching UI.

Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by BeichenDream.

Windows Analysis and Research Toolkit

BOF-PE that zips and downloads the contents of a directory

💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp…

Dynamic unpacker based on PE-sieve

NTLM HTTP relay tool with SOCKS proxy for browser session hijacking

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

The repo is finally unlocked. enjoy the party! The fastest repo in history to surpass 100K stars ⭐. Join Discord: https://discord.gg/5TUQKqFWd Built in Rust using oh-my-codex.

Havoc C2 BOF — WFP kernel-space SYSTEM escalation + command execution with indirect syscalls, patchless AMSI/ETW bypass, and return address spoofing

Protect against malicious code installed via npm, yarn, pnpm, npx, pnpx, pip, uv and poetry with Aikido Safe Chain. Free to use, no tokens required.

Free educational content on reverse engineering and malware analysis from the FLARE team