Source generator to add D/Invoke and indirect syscall methods to a C# project.

A library for creating, reading and editing PE files and .NET modules.

A protective and Low Level Shellcode Loader that defeats modern EDR systems.

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

Enhanced ChatGPT Clone: Features OpenAI, Assistants API, Azure, Groq, GPT-4 Vision, Mistral, Bing, Anthropic, OpenRouter, Vertex AI, Gemini, AI model switching, message search, langchain, DALL-E-3,…

Windows handle stealing POC with NtDuplicateObject

Hidden module/dll detector for windows apps

Windows hidden thread suspend POC with code injection

Another dll injection method with SetWinEventHook API

New handle stealing technique for windows apps

Dll injector POC for new handle stealing technique

External cheat base with DirectX overlay

Windows kernel samples

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

Resource editor for PE files

Develop Desktop, Embedded, Mobile and WebAssembly apps with C# and XAML. The most popular .NET UI client technology

Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into…

🔐 Wrapper arround .NET Cryptography library

Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.

Various Cobalt Strike BOFs

An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.

This repo contains some Amsi Bypass methods i found on different Blog Posts.

Portable Executable (PE) library written in .Net

CaveCarver - PE backdooring tool which utilizes and automates code cave technique

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Blazor Component Library based on Material design with an emphasis on ease of use. Mainly written in C# with Javascript kept to a bare minimum it empowers .NET developers to easily debug it if needed.

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.ex…