Provides Visual Studio integration for the NASM assembler.

A Go implementation of copyfail (CVE-2026-31431)

cc完整版，含手册，编译等

Copy Fail (CVE-2026-31431): 9-year-old Linux kernel LPE found by Theori's Xint Code

UnderlayCopy is an @Adaptix-Framework post-exploitation BOF tool for copying locked files and registry hives using low-level NTFS volume access, bypassing file locks and access restrictions discree…

This project is an experimental Go BOF/COFF loader created for learning, testing, and improving BOF execution from Go.

Repository hosting the bluehammer vulnerability

test

claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a s…

Go package for accessing PE/COFF files.

用zig实现精简版的donut,可将exe/dll/elf转换为shellcode

BOF POC of the DSCourier project / invoking WinGet via COM

DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.

Gopacket is a clean Go implementation of Impacket, a library intended for working with network protocols.

Go library to capture desktop to image

The Red Sun vulnerability repository

BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell

Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable API calls.

Extract Windows credentials directly from VM memory snapshots and virtual disks

A cross-platform desktop All-in-One assistant for Claude Code, Codex, OpenCode, OpenClaw, Gemini CLI & Hermes Agent. Only official website: ccswitch.io

The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/

Beacon Object File (BOF) Template

FULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI…

这是一个检测SGN算法的Yara规则

Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven

Bring your own Unwind Data Framework

Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and static signature removal.