Lists (16)
Stars
A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
HookChain: A new perspective for Bypassing EDR Solutions
Exploiting DLL Hijacking by DLL Proxying Super Easily
Executes PowerShell from an unmanaged process
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
Kernel rootkit, that lives inside the Windows registry values data
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Mi…
Frequency and preset adjustable subghz radio frequency jammer for Flipper Zero
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
Linux Kernel Rootkit for modern kernels (6x)
Extract Windows Defender database from vdm files and unpack it
BOF to steal browser cookies & credentials
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting…
A small x64 library to load dll's into memory.
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.
A somewhat wide collection of various kernelmode-usermode communication methods in one repository (mainly just for learning purposes).
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC