Stars
A tool to transform Chromium browsers into a C2 Implant
一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率
Registers Vectored Exception Handlers by directly manipulating internal LdrpVectorHandlerList structure instead of calling RtlAddVectoredExceptionHandler.
An open-source Linux GUI-based Remote Access Tool developed in C# with a Python payload, intended for legitimate penetration testing and reconnaissance tasks.
Elfina is a multi-architecture ELF loader written in Rust, supporting x86 and x86-64 binaries.
A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory.
Project for generating and identifying deceptive LNK files.
A cross-platform C++ framework for building Windows shellcode
Linux Shared Library to Shellcode Loader
An open-source, C#-based remote administration tool (RAT), enabling complete control of a remote Windows machine, designed for legitimate remote administration and security testing of Windows systems.
open source port/reimplementation of the Cobalt Strike BOF Loader as is
An example of how to use Microsoft Windows Warbird technology
Dump LSASS via physical memory read primitives in vulnerable kernel drivers
A lightweight Windows Prefetch file parser to extract programs' execution history
Dump Azure AD Connect credentials for Azure AD and Active Directory
WhatsApp Desktop Live Forensics - Decryption&Extraction Technique
Run shellcode through InnoSetup code engine.
Fast, allocation-friendly .NET library to generate, parse, and manipulate ANSI/VT escape sequences (writer, markup, tokenizer, ANSI-aware text utilities).
Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
Advanced Windows authentication token extraction and decryption tool for red team operations and security research
Load a dynamic library from memory by modifying the native Windows loader
sigreturn-oriented programming (SROP) based sleep obfuscation poc for Linux
List the ETW provider(s) in the registration table of a process.
Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan in-memory .NET assembly loads. This tool unhooks that functi…