Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…

Small and highly portable detection tests based on MITRE's ATT&CK.

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained p…

This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.

UEFI firmware image viewer and editor

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

eBPF implementation that runs on top of Windows

🌴Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

Hiding kernel-driver for x86/x64.

generate CobaltStrike's cross-platform payload

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

BlackLotus UEFI Windows Bootkit

The swiss army knife of LSASS dumping

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

Macro-header for compile-time C obfuscation (tcc, win x86/x64)

A tool to kill antimalware protected processes

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

Dump cookies and credentials directly from Chrome/Edge process memory

HVNC for Cobalt Strike

A modern 32/64-bit position independent implant template

A memory-based evasion technique which makes shellcode invisible from process start to end.

Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.

Cobalt Strike UDRL for memory scanner evasion.

Dump the memory of a PPL with a userland exploit

Sleep Obfuscation