Starred repositories
Simple (relatively) things allowing you to dig a bit deeper than usual.
A modern 32/64-bit position independent implant template
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
Collection of Beacon Object Files (BOF) for Cobalt Strike
A library for loading DLL modules from memory, bypassing the Windows PE loader (x86/x64)
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
A small x64 library to load DLLs into memory.
Encrypted shellcode Injection to avoid Kernel triggered memory scans
A proof of concept demonstrating DLL-load proxying using undocumented syscalls.
A tiny reverse SOCKS5 proxy written in C :V
A list of all the DLL exports in C:\windows\system32\
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
C or BOF file to extract the WebKit master key to decrypt user cookies
Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.
A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
Local SYSTEM auth trigger for relaying - X
Curated list of public Beacon Object Files (BOFs) built in as submodules for easy cloning
Boilerplate to develop raw and truly Position Independent Code (PIC).
Work, timer, and wait callback example using solely Native Windows APIs.
Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulation on Windows x64. For security research and learning purpos…
Crystal Palace library for proxying Nt API calls via the Threadpool
Alternative Read and Write primitives using Rtl* functions the unintended way.