Stars
An even funnier way to disable windows defender. (through WSC api)
Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Windows Local Privilege Escalation from Service Account to System
A small POC to make defender useless by removing its token privileges and lowering the token integrity
tool to extract passwords from TeamViewer memory using Frida
Tools for interacting with authentication packages using their individual message protocols
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
A PowerShell console in C/C++ with all the security features disabled
Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases…
This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2
Use hardware breakpoint to dynamically change SSN in run-time
Tool for automatically retrieving Active Directory data / Automated tool for dumping Active Directory data
A bunch of parsers for PE and PDB formats in C++
RDPCredentialStealer is an implant that steals credentials provided by users in RDP using API Hooking with Detours in C++
Leak of any user's NetNTLM hash. Fixed in KB5040434