Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

A post exploitation framework designed to operate covertly on heavily monitored environments

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

Situational Awareness commands implemented using Beacon Object Files

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditiona…

Universal Unhooking

A little tool to play with the Seclogon service

This is a simple example and explanation of obfuscating API resolution via hashing

zlib Windows build with Visual Studio.