Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers …

Extract credentials from lsass remotely

A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.

Invoke-ArgFuscator is an open-source, cross-platform PowerShell module that helps generate obfuscated command-lines for common system-native executables.

kernel callback removal (Bypassing EDR Detections)

Smart keylogging capability to steal SSH Credentials including password & Private Key

Next Generation C2 Framework, IoM-server/client

Pack/Encrypt/Obfuscate ELF + SHELL scripts

Robust Cobalt Strike shellcode loader with multiple advanced evasion features

🔥📜 Forbidden collection of Red Team sorcery 📜🔥

Cobalt Strike BOF for evasive .NET assembly execution

Initial Access and Post-Exploitation Tool for Entra ID and M365 with a browser-based GUI

An even funnier way to disable windows defender. (through WSC api)

A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.

Advanced In-Memory PowerShell Process Injection Framework

Reflective shellcode loaderwith advanced call stack spoofing and .NET support.

Lateral Movement as loggedon User via Speech Named Pipe COM & ISpeechNamedPipe + COM Hijacking

AV/EDR Lab environment setup references to help in Malware development

一款内网快速打点的辅助性扫描工具，方便红队人员在内网横向移动前期的信息搜集、漏洞探测利用环节的工作开展。其工具特性主要为支持一键化三个档位的便捷式信息与漏洞扫描或每个功能模块单独式扫描探测功能。

哥斯拉jsp/jspx免杀webshell生成器

MDUT-Extend(扩展版本)

针对PE文件的分离的攻防对抗工具，红队、研究者的好帮手。目前支持文件头伪装、证书区段感染。A no-kill confrontation tool for the separation of PE files, a good helper for red teams and researchers. Currently, file header spoofing and certificat…

基于frp-0.58.1魔改二开，随机化socks5账户密码及端口、钉钉上线下线通知、配置文件oss加密读取、域前置防止溯源、源码替换/编译混淆等

A tool for automatic patch shellcode into binary file to bypass AV. / 一个自动patch shellcode到二进制文件的工具

用于Webshell木马免杀、流量加密传输，多多支持star

基于 OPSEC 的 CobaltStrike 后渗透自动化链

Indirect Syscall implementation to bypass userland NTAPIs hooking.

自动化反编译微信小程序，小程序安全评估工具，发现小程序安全问题，自动解密，解包，可还原工程目录，支持Hook，小程序修改

AV bypass while you sip your Chai!