Stars
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes, etc.
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.
A modern 32/64-bit position independent implant template
Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5
Tool for extracting information from newly spawned processes
A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29
Collection of UAC Bypass Techniques Weaponized as BOFs
BOF for Kerberos abuse (an implementation of some important features of Rubeus).
a signal handler race condition in OpenSSH's server (sshd)
A beacon object file implementation of PoolParty Process Injection Technique.
Another No-Fix LPE, NTLMRelay2Self over HTTP (WebDAV).
.NET assembly loader with patchless AMSI and ETW bypass
Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
Use hardware breakpoints to spoof the call stack for both syscalls and API calls
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
Boilerplate to develop raw and truly Position Independent Code (PIC).