远程创建任务计划工具

Windows Server 2K3 NT 5

This is the leaked source code of Windows Server 2003

网上泄露的Windows XP SP1 source code

Collection of DLL function export forwards for DLL export function proxying

Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes

Native Syscalls Shellcode Injector

Go shellcode loader that combines multiple evasion techniques

Microsoft Yahei Mono 字体

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

Samples from my book Windows Native API programming

All reasonably stable tools

Run any executable as SYSTEM account (no service required)

EasyHook - The reinvention of Windows API Hooking

Fast, collaborative live terminal sharing over the web

TrustedSec Sysinternals Sysmon Community Guide

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

Windows Privilege Escalation from User to Domain Admin.

Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms

Protected Process Dumper Tool

A PowerShell console in C/C++ with all the security features disabled

Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.

Microsoft signed ActiveDirectory PowerShell module

This is the tool to dump the LSASS process on modern Windows 11

ScriptSentry finds misconfigured and dangerous logon scripts.

Open-source Windows and Office activator featuring HWID, Ohook, TSforge, and Online KMS activation methods, along with advanced troubleshooting.