Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

Threadless Process Injection using remote function hooking.

6800% faster "os" module replacement. A drop-in replacement for Python's standard 'OS' module. Fully-rewritten, optimized, and speeded-up functions, that replace ones in the os.path module.

C# Reflective loader for unmanaged binaries.

A sample MLOps system of LeapMind Blueoil x AWS Components (AWS IoT Greengrass, Amazon SageMaker)

XRay is a tool for recon, mapping and OSINT gathering from public networks.

Building binutils for pwntools

Vmware Hardened VM detection mitigation loader (anti anti-vm)

Diaphora, the most advanced Free and Open Source program diffing tool.

The TrustedSec Attack Platform is a reliable method for droppers on an infrastructure in order to ensure established connections to an organization.

Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level

File Monitor Library (based on Apple's new Endpoint Security Framework)

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool…

Exploits undocumented elevated COM interface ICMLuaUtil via process spoofing to edit registry then calls ColorDataProxy to trigger UAC bypass. Win 7 & up.

Procscan is a quick and dirty python script used to look for potentially dangerous api call patterns in a Procmon PML file.

Just my findings of malwares

TinyOS in C#

Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.

Process behaviour anomaly detection using eBPF and unsupervised-learning Autoencoders

Demos for the Blackhat USA 2022 talk "Taking Kerberos to the Next Level"

UAC bypass for x64 Windows 7 - 11

Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2

Simulation environment for attacks on computer networks

Mirror of http://undocumented.ntinternals.net/

pixelcrane is a tool for extracting files from the layers of a container image

A toolbox to make hiding your online identity easier. Use with caution.