yanghaoi

GPU_ShellCode

DriverJack

Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths

injection

PatchlessCLRLoader

.NET assembly loader with patchless AMSI and ETW bypass

NLog

NLog - Advanced and Structured Logging for Various .NET Platforms

tigervnc

High performance, multi-platform VNC client and server

PythonForWindows

A codebase aimed to make interaction with Windows and native execution easier

ScyllaHide

Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide

hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

OffensiveCSharp

Collection of Offensive C# Tooling

sgn

Shikata ga nai (仕方がない) encoder ported into go with several improvements

sgn-html

Bringing Shikata ga nai to the front html

myph

shellcode loader for your evasion needs

ThreatCheck

Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.

EDRPrison

Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry

deoptimizer

Evasion by machine code de-optimization.

rust-shellcode

windows-rs shellcode loaders

inline_syscall

Inline syscalls made easy for windows on clang

Pestilence

Shellcode loader designed for evasion. Coded in Rust.

riscy-business

RISC-V Virtual Machine

Awesome-AV-EDR-XDR-Bypass

Awesome AV/EDR/XDR Bypass Tips

Dump

Dump Crash收集和分析： 前端收集库采用CrashRpt、后端分析库采用CrashFix 在此记录！

md5-c

A simple, commented reference implementation of the MD5 hash algorithm

capa

The FLARE team's open-source tool to identify capabilities in executable files.

yara

The pattern matching swiss knife

mosquito

XSS exploitation tool - access victims through HTTP proxy

CursedChrome

Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.

node-win32-api

win32 api

hysteria

Hysteria is a powerful, lightning fast and censorship resistant proxy.

IHxExec

Process injection alternative