Stars
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
A beacon object file implementation of PoolParty Process Injection Technique.
Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework
RunPE implementation with multiple evasive techniques (1)
RunPE implementation with multiple evasive techniques (2)
Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows Filtering Platform (WFP).
Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
Reflective shellcode loader with advanced call stack spoofing and .NET support.
Proof-of-concept code for Bring Your Own Vulnerable Driver techniques
Crystal Palace library for proxying Nt API calls via the Threadpool
Alternative Read and Write primitives using Rtl* functions the unintended way.
A lightweight Command and Control (C2) framework built for offensive security research and red teaming (Post Exploitation).
A Crystal Palace shared library to resolve & perform syscalls
A single byte modification in the kernel memory bypasses and disables all core functions of the AV/EDR security solutions
C2 frameworks for RTO, server and implants for stealth red-teaming mode.
P2P Mesh C2 framework (C implants + Python server + Dashboard) for resilient red‑team ops
Direct syscalls Injection to bypass AV/EDR
Process Injection Techniques using Direct and Indirect Syscalls