Starred repositories
RpcView is a free tool to explore and decompile Microsoft RPC interfaces
This repo contains C/C++ snippets that can be handy in specific offensive scenarios.
EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
PE loader with various shellcode injection techniques
From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
Open repository for learning dynamic shellcode loading (samples in many programming languages)
Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
IDA Pro plugin to make bitfield accesses easier to grep
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
Port of Cobalt Strike's Process Inject Kit
Collection of Beacon Object Files (BOF) for Cobalt Strike
Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
EDR-Redir: a tool used to redirect the EDR's folder to another location.
Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
A slightly more fun way to disable Windows Defender
C++ tool and library for converting .bin files to shellcode in multiple output formats.
Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll