Stars
The new Windows Terminal and the original Windows console host, all in the same place!
AutoHotkey - macro-creation and automation-oriented scripting utility for Windows.
The Windows App SDK empowers all Windows desktop apps with modern Windows UI, APIs, and platform features, including back-compat support, shipped via NuGet.
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
AdaptixC2 is a highly modular advanced redteam toolkit
Alternative Shellcode Execution Via Callbacks
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine callbacks...
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
ProxiFyre: A Windows SOCKS5 proxifier leveraging NDISAPI to transparently route TCP and UDP traffic on a per-app basis.
Kill anti-malware protected processes (BYOVD)
Adaptive DLL hijacking / dynamic export forwarding
Automated "white file" (legitimate signed binary) finder: scans the import table of EXE files, lists the imported DLLs, filters out system DLLs, and copies qualifying files into a dedicated X64 or X86 folder.
A native backdoor module for Microsoft IIS (Internet Information Services)
A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322
Patching "signtool.exe" to accept expired certificates for code-signing.
A PoC implementation for dynamically masking call stacks with timers.
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
Windows rootkit designed to work with BYOVD exploits
StoneKeeper C2, an experimental EDR evasion framework for research purposes
Protect your Domain Controllers by auditing and restricting LDAP requests