Marcos Oviedo's repositories

nanodump

Dump LSASS like you mean it

Language: C | License: Apache-2.0 | Stargazers: 3 | Issues: 1 | Issues: 0

kdmapper

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

Language: C++ | License: MIT | Stargazers: 2 | Issues: 1 | Issues: 0

RefleXXion

RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.

Language: C++ | Stargazers: 2 | Issues: 1 | Issues: 0

MalMemDetect

Detect strange memory regions and DLLs

Language: C++ | License: GPL-3.0 | Stargazers: 1 | Issues: 1 | Issues: 0

SinMapper

Usermode driver mapper that forcefully loads any signed kernel driver (legitimate certificate) with a large enough section (for example .data or .rdata) to map your driver over. The main focus of this project is to prevent modern anti-cheats (BattlEye, EAC) from finding your driver, while keeping the ability to hook anything because the driver resides inside legitimate memory (a signed, legitimate driver).

Language: C++ | Stargazers: 1 | Issues: 1 | Issues: 0

TokenStomp

C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic

Language: C# | Stargazers: 1 | Issues: 1 | Issues: 0

BackupOperatorToDA

From an account that is a member of the Backup Operators group to Domain Admin, without RDP or WinRM on the Domain Controller

Language: C++ | Stargazers: 0 | Issues: 1 | Issues: 0

CandyPotato

Pure C++, weaponized, fully automated implementation of RottenPotatoNG

Language: C++ | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0

capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs

Language: Python | License: Apache-2.0 | Stargazers: 0 | Issues: 1 | Issues: 0

FindETWProviderImage

Quickly search for references to a GUID in DLLs, EXEs, and drivers

Language: C# | License: BSD-3-Clause | Stargazers: 0 | Issues: 0 | Issues: 0

Hunt-Sleeping-Beacons

Aims to identify sleeping beacons

Language: C | Stargazers: 0 | Issues: 1 | Issues: 0

LiquidSnake

LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

Language: C# | Stargazers: 0 | Issues: 1 | Issues: 0

MalSeclogon

A little tool to play with the Seclogon service

Language: C | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0

PDBRipper

PDBRipper is a utility for extracting information from PDB files.

Language: C++ | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

PR0CESS

Some ready-to-use gadgets related to Windows processes :)

Language: C | License: Apache-2.0 | Stargazers: 0 | Issues: 1 | Issues: 0

Privexec

Run the program with the specified permission level (C++17 required)

Language: C++ | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

process-governor

This application allows you to put various limits on a Windows process.

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

RestrictedAdmin

Remotely enables Restricted Admin Mode

Language: C# | License: BSD-3-Clause | Stargazers: 0 | Issues: 1 | Issues: 0

shakeitoff

Windows LPE 0-day

Language: C++ | License: BSD-3-Clause | Stargazers: 0 | Issues: 1 | Issues: 0

small

C++ small containers

Language: C++ | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

unDefender

Killing your preferred antimalware by abusing native symbolic links and NT paths.

Language: C++ | Stargazers: 0 | Issues: 1 | Issues: 0

unicorn_pe

Unicorn PE is a Unicorn-based instrumentation project designed to emulate code execution for Windows PE files.

Language: C | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

windows-hardening-scripts

Windows 10/11 hardening scripts

Language: Batchfile | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0

winrmdll

C++ WinRM API via Reflective DLL

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

WinSys

C++ library for low-level Windows development

Language: C | Stargazers: 0 | Issues: 1 | Issues: 0

WPBT-Builder

A simple UEFI application to create a Windows Platform Binary Table (WPBT) from the UEFI shell.

Language: C | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

xntsv

XNTSV is a program for detailed viewing of Windows system structures.

Language: QMake | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

zerosharp

Demo of the potential of C# for systems programming with the .NET native ahead-of-time compilation technology.

Language: C# | Stargazers: 0 | Issues: 1 | Issues: 0