Stars
Reverse engineering focusing on x64 Windows.
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from Windows Service Accounts to NT AUTHORITY\SYSTEM.
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
A lightweight dynamic instrumentation library
RpcView is a free tool to explore and decompile Microsoft RPC interfaces
Fun with the Windows Subsystem for Linux (WSL/LXSS)
Enumerate and disable common sources of telemetry used by AV/EDR.
Custom Metasploit post module to execute a .NET Assembly from a Meterpreter session
A simple header file to read a Microsoft compound file with minimal effort.