Windows kernel and user mode emulation.

Malware Configuration And Payload Extraction

ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.

a graphical tool to visualize binary data

Python serial port access library

Open-Source Shellcode & PE Packer

Alternative Shellcode Execution Via Callbacks

哥斯拉

中国蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit.

Webshell && Backdoor Collection

WebShell Collect

ashx China Chopper WebShell

Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.

Obfuscate Go binaries and packages

EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual.

A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue

Extract C2 Traffic

Generate FUD backdoors

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

A malware technique that makes use of NTFS transactions to create a process that is not backed by a malicious file

Export messages from Signal Desktop

Single small binary for both TUS server and client

Proof of Concepts

Peanuts is a free and open source wifi tracking tool. Based on the SensePosts Snoopy-NG project that is now closed.

The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).

Macro-header for compile-time C obfuscation (tcc, win x86/x64)

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (pa…

Avilla Forensics 3.0