jackson5sec

ShimDB

Shim database persistence (Fin7 TTP)

Godzilla

Godzilla Webshell Manger Decompiled Source

noclient

AlanFramework

A C2 post-exploitation framework

CVE-2022-1040

This vulnerability allows an attacker to gain unauthorized access to the firewall management space by bypassing authentication

Lastenzug

Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level

ListDLLs

ListDLLs examples

BADministration

bootlicker

A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.

CVE-2019-0803

Win32k Elevation of Privilege Poc

CVE-2024-38077-POC

DMA

Reducing the prices of DMA Firmware

DummyDLL

DummyDLL payload for COM and DLL Hijack's

DummyDylib

ebpfkit

ebpfkit is a rootkit powered by eBPF

InfinityHook

Hook system calls, context switches, page faults and more.

injection

Windows process injection methods

Linco2

模拟Cobalt Strike的Beacon与C2通信过程，实现了基于HTTP协议的Linux C2

llama-gpt

A self-hosted, offline, ChatGPT-like chatbot. Powered by Llama 2. 100% private, with no data leaving your device. New: Code Llama support!

microsocks

tiny, portable SOCKS5 server with very moderate resource usage

nysm

nysm is a stealth post-exploitation container.

obfuscator

ollvm，base on llvm-clang 5.0.2, 6.0.1 , 7.0.1,8.0,9.0,9.0.1,swift-llvm-clang 5.0(waiting support swift obfuscator)

pcapknock

Watches for trigger packets, runs commands or spawns a shell

PicoEVB

Public repository for PicoEVB (Xilinx Artix XC7A50T based)

polarbearrepo

PostConfluence

哥斯拉Confluence后渗透插件 MakeToken SearchPage ListAllUser AddAdminUser ListAllPage ........

PyMailSniper

Python port of MailSniper to exfiltrate emails via EWS endpoint

Screwed-Drivers

"Screwed Drivers" centralized information source for code references, links, etc.

shad0w

A post exploitation framework designed to operate covertly on heavily monitored enviroments

Test004

Persistence via Shell Extensions