owen's repositories

go-native-syscall

go-native-syscall is a Go (+ asm) Windows syscall library that resolves, hashes, caches, and invokes direct (and now indirect) NT calls without going through the traditional Win API layer

Language: Go · License: MIT · Stargazers: 15 · Issues: 0

go-crypter

A cryptographic payload loader and executor designed for advanced in-memory execution techniques. This project combines strong encryption, compression, and sophisticated evasion capabilities to execute both shellcode and PE files directly in memory.

Language: Go · Stargazers: 11 · Issues: 0

go-uac

UAC bypass POC in Go

Language: Go · Stargazers: 5 · Issues: 0

vulkan-proxy

fun way to proxy syscalls or regular function calls through vulkan-1.dll

Language: Go · Stargazers: 5 · Issues: 0

go-uac-2

This tool exploits the Windows ComputerDefaults.exe application to bypass User Account Control (UAC) and execute applications with elevated privileges. It works by manipulating registry keys via direct syscalls to hijack the execution flow of a trusted Windows binary.

Language: Go · Stargazers: 4 · Issues: 0

go-wincall

load arbitrary DLLs and call any exported function available to your PID's privileges, all on a single thread, without importing windows or syscall or statically linking any DLLs beyond Go's runtime requirements

Language: Go · Stargazers: 4 · Issues: 0

chrome

meow

Language: Go · Stargazers: 3 · Issues: 0

go-loader

another PE/DLL/shellcode loader that downloads files from URLs and executes them in memory

Language: Go · Stargazers: 3 · Issues: 0

dead-av

kill all EDR and AV processes continuously, a rewritten implementation of BlackSnufkin's BYOVD research

Language: Go · Stargazers: 2 · Issues: 0

go-maldev

a place for me to store various packages I use a lot during development and want to share, or don't want to import locally

Language: Go · Stargazers: 2 · Issues: 0

go-nt-socket

a pure Go implementation of 5mukx's NTSockets, with shellcode injection added

Language: Go · Stargazers: 2 · Issues: 0

meltloader

a modular reflective DLL/PE loader that allows easy chaining of DLLs and PEs together in a single or remote process, with tight memory management and encryption capabilities to evade memory scanners. no syscall, windows, or net/http import involved.

Language: Go · Stargazers: 2 · Issues: 0

rtl-gadget-injection

this project implements a remote shellcode injection technique using asynchronous procedure calls (APCs) combined with Rtl function gadgets for memory writing. the method leverages Windows ntdll functions as execution primitives to write shellcode into target processes without traditional WriteProcessMemory calls.

Language: Go · Stargazers: 2 · Issues: 0

unhook

unhook ntdll via WinSxS clean copy :3

Language: Go · Stargazers: 2 · Issues: 0

gorecycle

RecycledGate syscall implementation in Go

Language: Go · Stargazers: 1 · Issues: 0

keylog

pure WinAPI keystroke capture with UDP exfil

Language: Go · Stargazers: 1 · Issues: 0

lawk

a proof-of-concept ransomware that encrypts files by converting them into BIP39 mnemonic seed phrases, designed to explore entropy reduction during encryption operations.

Language: Go · Stargazers: 1 · Issues: 0

m1-shellcode

this is a tiny PoC for shellcode injection in pure Go and Go's shitty Plan 9 asm on arm64 macOS, tested on an M1 chip

Language: Go · Stargazers: 1 · Issues: 0

opengl32-proxy

a proof-of-concept demonstrating a control flow redirection technique within `opengl32.dll`

Language: Go · Stargazers: 1 · Issues: 0

pebsteal

fun way to dump the entirety of your process's PEB from userland, similar to !peb in WinDbg

Language: Go · Stargazers: 1 · Issues: 0

rc4loader

a simple shellcode loader that uses RC4 encryption, indirect syscalls, and some system pointer encoding, for fun

Language: Go · Stargazers: 1 · Issues: 0

simple-c2

a minimal cross-compatible server/agent in Go, meant to demonstrate the gathering, encryption, exfiltration, reception, and decryption pipeline commonly seen in malware :3

Language: Go · Stargazers: 1 · Issues: 0

stackobf

a string obfuscation system designed for red team/maldev usage

Language: Go · Stargazers: 1 · Issues: 0

wincall-sh

this project demonstrates creative shellcode execution techniques using my go-wincall API :3 (x64 only)

Language: Go · Stargazers: 1 · Issues: 0

export-dump

dump any accessible DLL's exports easily

Language: Go · Stargazers: 0 · Issues: 0

forge-passkeys-go

A Go implementation of the "Forging Passkeys" research demonstrating virtual FIDO2/WebAuthn authenticators.

Language: Go · Stargazers: 0 · Issues: 0

go-m1call

dynamic function calling and symbol resolution for macOS arm64 systems. directly interfaces with the dyld shared cache to resolve and call exported symbols without static linking.

Language: Go · Stargazers: 0 · Issues: 0

LitterBox

A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabilities.

Language: YARA · License: GPL-3.0 · Stargazers: 0 · Issues: 0
Language: TypeScript · Stargazers: 0 · Issues: 0

syshash

a C implementation of native syscall resolution and execution on Windows x64

Language: C · License: MIT · Stargazers: 0 · Issues: 0