SuperPrompt is an attempt to engineer prompts that might help us understand AI agents.

BackdoorSim: An Educational into Remote Administration Tools

Source generator to add D/Invoke and indirect syscall methods to a C# project.

Microsoft-Outlook-Remote-Code-Execution-Vulnerability

Modified versions of the Cobalt Strike Process Injection Kit

Load shellcode into a new process

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

Different methods to get current username without using whoami

Python implementation for PetitPotam

.net config loader

Tactical RMM Agent

A remote monitoring & management tool, built with Django, Vue and Go.

🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.

Beacon Object File Loader

Harvest passwords automatically from OpenSSH server

Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

A .NET Runtime for Cobalt Strike's Beacon Object Files

Detects virtual machines and malware analysis environments

用友NC系列漏洞检测利用工具，支持一键检测、命令执行回显、文件落地、一键打入内存马、文件读取等

Various Cobalt Strike BOFs

Webshell Manager

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

A Proof-of-Concept implementation for Proxy Object Obfuscation in .NET

Execute shellcode from a remote-hosted bin file using Winhttp.

Enhanced version of secretsdump.py from Impacket. Adds multi-threading and accepts an input file with a list of target hosts for simultaneous secrets extraction.

ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption