Stars
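Course project for the Beijing Institute of Technology "Compiler Principles and Design" class: a simple C compiler (x86 architecture) developed in Java that supports most C language syntax.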
DigitalPlat FreeDomain: Free Domain For Everyone
Evasive loader for .NET Framework assemblies
15-stage Windows malware development & analysis course in Rust. Red team builds it, blue team detects it. All 15 binaries achieved 0/76 on VirusTotal.
Static analysis & exploitation-triage toolkit for Windows kernel drivers. Discover IOCTLs, Symbolic Links, and check cert, and Downloads BYOVD
Reflective PE loader written in Zig. Loads and executes native and .NET PE files directly from memory.
GadgetExplorer is a .NET command-line tool for finding potential deserialization gadget chains in managed applications. It scans one or more assemblies, builds a reachability graph with dispatch an…
Gopacket is a clean Go implementation of Impacket, a library intended for working with network protocols.
A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN
Nim implementation for sud0Ru's Credential Dumping from SAM/SECURITY Hives Method (a.k.a. SilentHarvest)
retrieve information via O365 and AzureAD with a valid cred
A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell
Production-grade engineering skills for AI coding agents.
Serverless AITM Simulation Framework for Entra ID and M365
A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.
InfraGuard is a Command & Control Redirection Proxy and Manager which protects your Red Team Infrastructure against threat attribution
Surgical UNWIND_INFO preservation for sleep masking without call stack spoofing.
Stealthy .NET assembly loading using AssemblyNative::LoadFromBuffer
BAADTokenBroker is a post-exploitation tool designed to interact with Microsoft Entra ID device-bound keys.
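Updated every 30 minutes! Free Clash subscriptions for bypassing the firewall, automatically crawled from the web and speed-tested | free proxy | VPN | subscription | nodes | clash meta | mihomo | firewall bypass | "scientific" internet access | ladder |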
KslDump — Why bring your own knife when Defender already left one in the kitchen?
A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and static signature removal.
Filesystem interaction via firebeam virtual machine execution
Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.