Dear ImGui: Bloat-free Graphical User interface for C++ with minimal dependencies

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

The Serenity Operating System 🐞

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide

Converts PE into a shellcode

Open EDR public repository

Reverse Engineers' Hex Editor

A modern frontend for Neovim.

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

Alternative Shellcode Execution Via Callbacks

ELF file viewer/editor for Windows, Linux and MacOS.

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

Public API, examples, documentation and issues for Binary Ninja

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, C2 servers, backdoors, exploitation techniques, stage…

Now You See Me, Now You Don't

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

Obfuscate specific windows apis with different apis

Win32 and Kernel abusing techniques for pentesters

kill anti-malware protected processes ( BYOVD )

Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)

Evasive shellcode loader for bypassing event-based injection detection (PoC)

EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.

Adaptive DLL hijacking / dynamic export forwarding

A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.

The Windows Kernel Programming book samples