.NET deobfuscator and unpacker.

Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber

WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.

BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions

Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)

This repository contains my complete resources and coding practices for malware development using Rust 🦀.

Process Injection using Thread Name

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Tutorial for extracting the GameBoy ROM from photographs of the die.

Official git repo for iodine dns tunnel

A tool that shows detailed information about named pipes in Windows

simple type recognition in decompiled executables

Tools for analyzing EDR agents

⬛️ CLI tool for saving complete web pages as a single HTML file

Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)

Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools

Project Zero Docs and Tools

Evasion by machine code de-optimization.

PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry…

Evilginx Phishing Engagement Infrastructure Setup Guide