Alice's repositories
Chaos-Rootkit
x64 ring0 rootkit with process hiding, privilege escalation, and capabilities for protecting and unprotecting processes
Microsoft-Activation-Scripts
A Windows and Office activator using HWID / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.
VMProtect-Source
Source of VMProtect (NOT OFFICIALLY)
CVE-2023-24055
POC and Scanner for CVE-2023-24055
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Qu1cksc0pe
All-in-One malware analysis tool.
Artillery
CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administrator.
EDRception
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
EtwExplorer
View ETW Provider manifest
FullBypass
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to modify and DM if you find some bugs :)
KsDumper-11
A revival of the classic and legendary KsDumper
Nidhogg
Nidhogg is an all-in-one, simple-to-use rootkit for red teams.
OffensiveRust
Rust Weaponization for Red Team Engagements.
PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual.
windows-api-function-cheatsheets
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.
WMIProcessWatcher
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.