rhakb

PoolParty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

PoolPartyBof

A beacon object file implementation of PoolParty Process Injection Technique.

vmprotect-3.5.1

gogo

面向红队的, 高度可控可拓展的自动化引擎

BofAllTheThings

Creating a repository with all public Beacon Object Files (BoFs)

XG_NTAI

用于Webshell木马免杀、流量加密传输

Tartarus-TpAllocInject

360QVM_bypass

通过生成不同hash的ico并写入程序中，实现批量bypass360QVM

Sign-Sacker

Sign-Sacker(签名掠夺者)：一款数字签名复制器，可将其他官方exe中数字签名，图标，详细信息复制到没有签名的exe中，作为免杀，权限维持，伪装的一种小手段。

rustdesk-hvnc

HVNC based on RustDesk

GhostTask

A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.

WeblogicTool

WeblogicTool，GUI漏洞利用工具，支持漏洞检测、命令执行、内存马注入、密码解密等（深信服深蓝实验室天威战队强力驱动）

ExecuteAssembly

Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs (hash).

injection-stuff

PE Injection、DLL Injection、Process Injection、Thread Injection、Code Injection、Shellcode Injection、ELF Injection、Dylib Injection, including 400+Tools and 350+posts

nopowershell

PowerShell rebuilt in C# for Red Teaming purposes

Eventlogedit-evtx--Evolution

Remove individual lines from Windows XML Event Log (EVTX) files

EvtPsst

EvtPsst

URLFinder

一款快速、全面、易用的页面信息提取工具，可快速发现和提取页面中的JS、URL和敏感信息。

SharpSocks5

Tunnellable HTTP/HTTPS socks5 proxy written in C#

SharpSocks

Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell

WDExtract

Extract Windows Defender database from vdm files and unpack it

Cronos

PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.

AddShare

添加Windows机器网络共享文件夹

LatLoader

PoC module to demonstrate automated lateral movement with the Havoc C2 framework.

pingtunnel

Pingtunnel is a tool that send TCP/UDP traffic over ICMP

avList

avList - 杀软进程对应杀软名称

spawn

Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.

MooInfo

Visual implementation of OSHI, to view information about the system and hardware.

RedPersist

fuzzing

Tutorials, examples, discussions, research proposals, and other resources related to fuzzing