The EET (Email Enumeration Tool) is a professional tool designed for red teaming. It allows you to send mass emails using SMTP and read emails from IMAP4 and POP3 servers.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

Havoc C2 0.7 Teamserver SSRF exploit

This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared

GregsBestFriend process injection code created from the White Knight Labs Offensive Development course

Automation tool for Windows Deception Host Burn-In

基于chrome、firefox插件的被动式信息泄漏检测工具

Generic PE loader for fast prototyping evasion techniques

Leverage a legitimate driver to silence EDR

Utilities for obfuscating shellcode

Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry

Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)

GhostWriting Injection Technique.

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry…

CarbonBlack EDR detection rules and response actions

Threadless Process Injection through entry point hijacking

Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.

🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages

A self-hosted dashboard that puts all your feeds in one place

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning path for me.

The open source Tines / Splunk SOAR alternative.

Analyze pcaps with Zeek and a Grafana Dashboard

An osint tool that uses Ahmia.fi to get hidden services and descriptions that match with the users query.

A roadmap to learn C from Scratch

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

darkPulse是一个用go编写的shellcode Packer，用于生成各种各样的shellcode loader，免杀火绒，360核晶等国内常见杀软。

ShellCode_Loader - CobaltStrike免杀ShellCode加载器、免杀Shellcode加密生成工具，目前测试免杀360&火绒&电脑管家&Windows Defender，请参考博客 https://www.vpss.cc/471.html

无Windows API的新型恶意程序：自缺陷程序利用堆栈溢出的隐匿稳定攻击技术研究，A new type of malicious program without Windows API