Stars
My implementation of enSilo's Process Doppelganging (PE injection technique)
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Mi…
Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.
A Linux Host-based Intrusion Detection System based on eBPF.
Local privilege escalation via PetitPotam (Abusing impersonate privileges).
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
C++ self-injecting dropper based on various EDR evasion techniques.
Fast conversion of a Windows Dynamic Link Library (DLL) to shellcode
The first analysis framework for CPU microcode
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.
Harvest passwords automatically from an OpenSSH server
.NET assembly loader with patchless AMSI and ETW bypass
New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
Port of the InlineExecute-Assembly BOF to load a .NET assembly in-process, but with patchless AMSI and ETW bypass using hardware breakpoints.