Stars
The official GitHub mirror of the Chromium source
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
Nidhogg is an all-in-one, simple-to-use Windows kernel rootkit.
An open-source Windows Defender manager. Now you can disable Windows Defender permanently.
Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.
Alternative Shellcode Execution Via Callbacks
Library for lifting machine code to LLVM bitcode
Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to keep it up to date.
Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
Loading a remote AES-encrypted PE in memory, decrypting it and running it
Tool to bypass LSA Protection (aka Protected Process Light)
Win32 and Kernel abusing techniques for pentesters
PoC Implementation of a fully dynamic call stack spoofer
Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques.
Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
Enumerate and disable common sources of telemetry used by AV/EDR.
Evasive shellcode loader for bypassing event-based injection detection (PoC)