A code-searching tool similar to ack, but faster.

A Compiler Writing Journey

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained p…

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

Defeating Windows User Account Control

WiFi security auditing tools suite

🐛 Access your device from anywhere via the web.

eBPF implementation that runs on top of Windows

ENet reliable UDP networking library

toybox

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.

Python interface to the WebRTC Voice Activity Detector

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

tiny, portable SOCKS5 server with very moderate resource usage

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

Connect like there is no firewall. Securely.

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

Macro-header for compile-time C obfuscation (tcc, win x86/x64)

Windows Privilege Escalation from User to Domain Admin.

Dump cookies and credentials directly from Chrome/Edge process memory

Windows NT Syscall tables

HVNC for Cobalt Strike

A modern 32/64-bit position independent implant template

Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.

Collection of PoC and offensive techniques used by the BlackArrow Red Team

Turn off PatchGuard in real time for win7 (7600) ~ later

Cobalt Strike UDRL for memory scanner evasion.