The Network Execution Tool

Hiding unsigned DLL inside a signed DLL

Tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h

ripgrep recursively searches directories for a regex pattern while respecting your gitignore

Just pick out the code we need.

Let's analyze one of the ways to bypass the smart screen and write our own simple cryptor that runs the shellcode

Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.

Cybersecurity oriented awesome list

EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual.

Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)

Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs

bring your own vulnerable driver

rust library for performing remote process injection, originally written for use in Tempest c2 project

Lateral Movement Using DCOM and DLL Hijacking

This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository…

FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading

A list of python tools to help create an OPSEC-safe Cobalt Strike profile.

Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.

A feature-rich command-line audio/video downloader

Load .net assemblies from memory while having them appear to be loaded from an on-disk location.

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

Bypass AMSI and Defender using Ordinal Values

NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-build support

A roadmap to learn C from Scratch

Burp插件，通过自定义 hook 自动解密加密报文，并支持联动 sqlmap、xray 等，让你测试加密报文时像明文一样简单。 The Burp plugin automatically decrypts encrypted messages through custom hooks and supports linkage with sqlmap, xray, etc., making …

Running .NET from VBA

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能

Allows WhatsApp users to extract their cipher key and databases on non-rooted Android devices.