🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Telegram Desktop messaging app

Android real-time display control software

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

超级微信电脑客户端，支持多开、防消息撤销、语音消息备份...开放WeChatSDK

Nidhogg is an all-in-one simple to use windows kernel rootkit.

Remote desktop and file transfer tool.

Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.

Another Windows Local Privilege Escalation from Service Account to System

Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques.

iMonitor（冰镜 - 终端行为分析系统）

UAC bypass by abusing RPC and debug objects.

MultiVNC is a cross-platform Multicast-enabled VNC viewer based on LibVNCClient. The desktop client runs on Unix, Mac OS X and Windows. There also is an Android client.

Syslog Server for Windows with a graphical user interface

这是一个基于gh0st远程控制的项目，使自己更深入了解远控的原理，采用VS2017，默认分支hijack还在修改不能执行，master分支的项目可以正常的运行的，你可以切换到该分支查看可以执行的代码

Standalone HVNC Client & Server | Written in C++ (Modified Tinynuke)

红队行动中利用白利用、免杀、自动判断网络环境生成钓鱼可执行文件。

Killing your preferred antimalware by abusing native symbolic links and NT paths.

记录一下自己的病毒分析成果

PC微信4.0.3.39以后版本HOOK获取dbkey

Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC

c++ shellcode loader

Lsass memory dump.

a simple assembly engine which is based on LLVM you don't have to worry about its core because LLVM they do it better.

BitRAT CrackedIt is coded in C++ programming language. It is the latest version of the best PC RAT 2022 in the market. It is used by hackers to remotely access their victims. This RAT can handles u…

NSudo - A Powerful System Administration Tool

KillDefender的实现