Legit DLC Unlocker for Steam, Epic, Origin, EA Desktop & Uplay (R1)

EDR Lab for Experimentation Purposes

Process Hollowing (Malware Technique)

An Active Defense and EDR software to empower Blue Teams

Hide your Powershell script in plain sight. Bypass all Powershell security features

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

ImRAD is a GUI builder for the ImGui library

RFHunter is a device to find hidden Cameras at AirBNBs

Real-time audio streaming over the network.

Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

Crinkler is an executable file compressor (or rather, a compressing linker) for compressing small 32-bit Windows demoscene executables. As of 2020, it is the most widely used tool for compressing 1…

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

Shellcode Compiler

A Stealthy Trojan Spyware

An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes

Extracts passwords from a KeePass 2.x database, directly from memory.

👻 RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Virus' & Malware

InjectProc - Process Injection Techniques [This project is not maintained anymore]

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

Now You See Me, Now You Don't

Stop Windows Defender programmatically

Tool to bypass LSA Protection (aka Protected Process Light)

A Simple Ransomware Vaccine

kill anti-malware protected processes ( BYOVD ) ( Microsoft Won )

New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.

Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)

Run a Exe File (PE Module) in memory (like an Application Loader)

Botnet

Cooolis-ms是一个包含了Metasploit Payload Loader、Cobalt Strike External C2 Loader、Reflective DLL injection的代码执行工具，它的定位在于能够在静态查杀上规避一些我们将要执行且含有特征的代码，帮助红队人员更方便快捷的从Web容器环境切换到C2环境进一步进行工作。