syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, queueing, SQL & NoSQL.

A small set of tools to convert packets from capture files to hash files for use with Hashcat or John the Ripper.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

iPhone 11 emulated on QEMU

A post exploitation framework designed to operate covertly on heavily monitored environments

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Small tool to capture packets from wlan devices.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

Open-Source Shellcode & PE Packer

Unified repository for different Metasploit Framework payloads

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

Windows Object Explorer 64-bit

Windows Event Log Killer

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.

LSASS memory dumper using direct system calls and API unhooking.

A little toolbox to play with Microsoft Kerberos in C

A tool to kill antimalware protected processes

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

[Historical wayland fork - see davatorium/rofi!] Rofi: A window switcher, run dialog and dmenu replacement

TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

Snoopy Command Logger is a small library that logs all program executions on your Linux/BSD system.

ZBar is an open source software suite for reading bar codes from various sources, including webcams. As its development stopped in 2012, I took the task of keeping it updated with the V4L2 API. Thi…

Public open-source code of malware Stuxnet (aka MyRTUs).

Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.

Collection of PoC and offensive techniques used by the BlackArrow Red Team