Detects process injection and memory manipulation used by malware. Finds RWX regions, shellcode patterns, API hooks, thread hijacking, and process hollowing. Built in Rust for speed. Includes CLI a…

Rust 231 35 Updated Dec 15, 2025

mantvydasb / RedTeaming-Tactics-and-Techniques

Red Teaming Tactics and Techniques

PowerShell 4,456 1,118 Updated Aug 22, 2024

longbridge / gpui-component

Rust GUI components for building fantastic cross-platform desktop application by using GPUI.

Rust 9,412 381 Updated Dec 23, 2025

entropy-z / PostEx-Arsenal

Arsenal of modules to beacon postex formats like BOF/Shellcode including: dotnet in memory execution, lateral moviment (scm, winrm, dcom, wmi), dumps (wifi, clipboard, screenshot, slack, office), P…

C++ 89 24 Updated Nov 30, 2025

repnz / etw-providers-docs

Document ETW providers

C 265 56 Updated Mar 28, 2020

microsoft / windows-rs

Rust for Windows

Rust 11,761 588 Updated Dec 16, 2025

eSentire-Labs / surveyor

Rust 24 3 Updated Oct 9, 2025

lastmile-ai / mcp-agent

Build effective agents using Model Context Protocol and simple workflow patterns

Python 7,884 793 Updated Dec 13, 2025

punkpeye / fastmcp

A TypeScript framework for building MCP servers.

TypeScript 2,839 242 Updated Dec 22, 2025

a2aproject / A2A

An open protocol enabling communication and interoperability between opaque agentic applications.

Shell 21,176 2,165 Updated Dec 21, 2025

almounah / orsted

Orsted C2 Framework

Go 94 13 Updated Dec 23, 2025

Xacone / Eneio64-Driver-Exploits

A serie of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W

C++ 105 21 Updated Oct 19, 2025

SenSecurity / Founding

Founding is a generator that will create a loader encrypted or obfuscated with different execution types

C 98 19 Updated Aug 23, 2025

amberchalia / fraction_loader

C++ 46 8 Updated Oct 14, 2025

tlsbollei / KittyLoader

KittyLoader is a highly evasive loader written in C / Assembly

C++ 249 36 Updated Sep 22, 2025

sisoma2 / ShellcodeLoader

Small tool to load shellcodes or PEs to analyze them

C++ 83 17 Updated May 16, 2018

darallium / r2-copilot

Python 10 Updated Oct 24, 2025

ASkyeye / FilelessRemotePE

Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique

C++ 75 162 Updated Sep 29, 2022

arosenmund / defcon33_silence_kill_edr

C++ 330 52 Updated Aug 20, 2025

0xflux / Sanctum

Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

Rust 468 49 Updated Nov 29, 2025

3xpl01tc0d3r / ProcessInjection

This program is designed to demonstrate various process injection techniques

C# 1,214 190 Updated Aug 7, 2025

m8sec / Dispatch

Evasive Payload Delivery Server & C2 Redirector

Python 112 12 Updated Nov 3, 2025

MythicAgents / thanatos

Mythic C2 agent targeting Linux and Windows hosts written in Rust

Rust 400 59 Updated Nov 26, 2025

Ke0xes / Detection-Engineering-Framework

73 21 Updated Nov 27, 2025

LaurieWired / GhidraMCP

MCP Server for Ghidra

Java 6,794 535 Updated Jun 23, 2025

ExpOrx / upx

Forked from upx/upx

UPX变种脱壳定制

C++ 3 Updated Jul 30, 2025

TheWover / donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

C 4,359 726 Updated Jul 8, 2025

GokbakarE / RuleSetRAT

A curated collection of YARA rules and structured JSON reports designed to identify and analyze various malware builder variants, for educational and research purposes only.

YARA 19 1 Updated Sep 1, 2025

chanshaw chan-shaw

Highlights

Lists (4)

cloud-native security

EDR

✨ Inspiration

reverse engineering

Starred repositories

afl-fuzz