Stars
A simple C++11 Thread Pool implementation
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
library for importing functions from dlls in a hidden, reverse engineer unfriendly way
Collection of various malicious functionality to aid in malware development
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine...
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
Loading a remote AES-encrypted PE into memory, decrypting it and running it
Kill anti-malware protected processes (BYOVD) (Microsoft won)
Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
Fix DecodePointer, EncodePointer, RegDeleteKeyEx and other APIs not found in Windows XP RTM.
CSLoader is a general-purpose obfuscation and anti-virus evasion tool based on a reimplementation of the LLVM project obfuscator (https://github.com/obfuscator-llvm/obfuscator).
Supports all Windows versions
HWSyscalls is a new method to execute indirect syscalls using hardware breakpoints (HWBP), HalosGate and a synthetic trampoline on kernel32.
An extensible framework for easily writing compiler-optimized, position-independent x86/x64 shellcode for Windows platforms.
A list of Python tools to help create an OPSEC-safe Cobalt Strike profile.