Kara-4search

ProjectPics

For temp pictures

ContainYourself

A POC of the ContainYourself research presented in DEF CON 31, which abuses the Windows containers framework to bypass EDRs.

WinDefenderKiller

Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys

CVE-2024-21338

Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.

GhostFart

HiddenDesktop

HVNC for Cobalt Strike

LdrLibraryEx

A small x64 library to load dll's into memory.

rp-bf.rs

rp-bf: A library to bruteforce ROP gadgets by emulating a Windows user-mode crash-dump

Terminator

Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes

acheron

indirect syscalls for AV/EDR evasion in Go assembly

AFLplusplus

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

Amsi-Killer

Lifetime AMSI bypass

BannerlordCoop

Beacon_Source

not a reverse-engineered version of the Cobalt Strike Beacon

clash_for_windows_pkg

A Windows/macOS GUI based on Clash

CVE-2023-36168

An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component

DefenderYara

Extracted Yara rules from Windows Defender mpavbase and mpasbase

EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

GodPotato

gpt4free

decentralising the Ai Industry, just some language model api's...

Jormungandr

Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.

LdrLockLiberator

For when DLLMain is the only way

maldev

Golang library for malware development and red teamers

PoolParty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

proc-macro-workshop

Learn to write Rust procedural macros  [Rust Latam conference, Montevideo Uruguay, March 2019]

quivr

🧠 Dump all your files and chat with it using your Generative AI Second Brain using LLMs ( GPT 3.5/4, Private, Anthropic, VertexAI ) & Embeddings 🧠

ShellWasp

ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Windows syscalls. ShellWasp is built for 32-bit, WoW64. ShellWasp 2.0 includes novel ways to invoke the syscall in WoW64.

SignatureGate

Weaponized HellsGate/SigFlip

vmprotect-3.5.1