Online Worker
- china
- https://www.cnblogs.com/xq17dog/
Starred repositories
WeChat Chat History Exporter (WeChat chat history export and backup program)
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
Alternative Shellcode Execution Via Callbacks
A lightweight Universal Windows proxy app based on https://github.com/eycorsican/leaf
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine callbacks...
Hook system calls on Windows by using Kaspersky's hypervisor
Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
Obfuscate specific Windows APIs by replacing them with different APIs
DLL hijack source code generator; supports x86/x64
CSLoader is a general-purpose obfuscation and anti-virus evasion tool based on a reimplementation of the LLVM project obfuscator (https://github.com/obfuscator-llvm/obfuscator).
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
Load/Inject .NET assemblies by: reusing the host (spawnto) process's loaded CLR AppDomainManager, stomping loader/.NET assembly PE DOS headers, unlinking .NET-related modules, bypassing ETW+AMSI, avo…
A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
Redirecting (specific) TCP, UDP and ICMP traffic to another destination.
Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
Add a user with the Windows API, usable when `net` is unavailable. Available in Nim, C++, RDI and BOF versions.
POCs for Shellcode Injection via Callbacks
Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Killing your preferred antimalware by abusing native symbolic links and NT paths.
A PoC implementation for dynamically masking call stacks with timers.