joshfinley

SyscallDumper

Dump system call codes, names, and offsets from Ntdll.dll

radkov

Escape from Tarkov radar in Go

memscan

Toy go memory mapping tool

Not-A-Virus.Win64.ImportObfuscation

PeblessGetModuleHandle

Resolve DLL bases without APIs or PEB access

addsec

chisel

cobalt-arsenal

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

CommandLineArgumentTamperingDemo

Cordyceps

C++ self-Injecting dropper based on various EDR evasion techniques.

DcRat

A simple remote tool in C#.

EagleVM

WIP Native code virtualizer for x64 binaries

goobj

dumb hack to import goobj for experimentation

joshfinley.github.io

KernelObjectNotificationDemo

lin64.example

Example x86_64 linux nasm/yasm project

packer

A tutorial on how to write a packer for Windows!

ParentProcessSpoofDemo

PentestingIntroduction

PMAT-labs

Labs for Practical Malware Analysis & Triage

RadarBase

Work-in-progress

ReturnAddressSpoofDemo

RunasCs

RunasCs - Csharp and open version of windows builtin runas.exe

SharpCollection

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

Shelter

ROP-based sleep obfuscation to evade memory scanners

SleepObfuscationTimerDemo

SyntheticStackSpoofDemo

SyscallResolutionViaRvaDemo

UnhookDemo

WinGadgetHunter