Yeah9782

CallstackSpoofingPOC

C++ self-Injecting dropper based on various EDR evasion techniques.

httpworker-resident-loader

A Flask-based HTTP(S) command and control (C2) framework with a web interface. Custom Windows EXE/DLL implants written in C++. For educational use only.

AtlasLdr

Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls

rengine

reNgine is an automated reconnaissance framework for web

Christmas

llvm-yx-callobfuscator

LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.

Nidhogg

Nidhogg is an all-in-one simple to use rootkit.

BobTheSmuggler

"Bob the Smuggler": A tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format, then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots).

RedTeamCCode

Red Team C code repo

elastic-container

Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine

Freeze

Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods

ThreadlessInject-C

This repository implements Threadless Injection in C

mortar

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

SmmBackdoorNg

Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks

crystr

Compile-Time Strings and Numbers Encryption for C++20

crycall

Compile-Time Calls Obfuscator for C++14+

ollvm17

Obfuscation LLVM 17

NtlmThief

Extracting NetNTLM without touching lsass.exe

BokuLoader

Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. By: @0xBoku & @s4ntiago_p

Kerbeus-BOF

BOF for Kerberos abuse (an implementation of some important features of the Rubeus).

GH-Injector-GUI

RealBlindingEDR

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

Inline-Execute-PE

Execute unmanaged Windows executables in CobaltStrike Beacons

LdrLibraryEx

A small x64 library to load dll's into memory.

LdrLockLiberator

For when DLLMain is the only way

phook

Full DLL Hooking, phrack 65

Win32_Offensive_Cheatsheet

Win32 and Kernel abusing techniques for pentesters

C2-Tool-Collection

A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.

Windows-APT-Warfare

著作《Windows APT Warfare：惡意程式前線戰術指南》各章節技術實作之原始碼內容

SharpKiller

Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8