PoC for popping a system shell against the LnvMSRIO.sys driver

EDR-Redir : a tool used to redirect the EDR's folder to another location.

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

Header-only compile-time variables obfuscation library for C++20 and later. Compiler Support: MSVC (+WDM), LLVM, GCC. Architecture Support: x86-64, ARM

A Patchless AMSI Bypass Technique using VEH²

Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulation on Windows x64. For security research and learning purpos…

A language-agnostic JSON-encoded instruction-by-instruction test suite for the 65[c]02 that includes bus activity.

a NES / 6502 dissasembler / decompiler written in C# DotNet8

Just in time compilation and execution of 6502 applications

C++17 PE manualmapper

A C++ header-only HTTP/HTTPS server and client library

A tool that supports finding and abusing whitelisted programs to allow arbitrary file writing into the executable folder of Antivirus software

Lateral Movement Bof with MSI ODBC Driver Install

The tool used to clone the digital signatures of legitimate programs

This tool helps inject code into the processes of Antivirus programs.

Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.

Stealthy DLL injector using thread hijacking and remote gadgets — no OpenProcess or CreateRemoteThread.

A process injection technique using only thread context manipulation

Obfuscation library based on C++20 and metaprogramming

Centralized resource for listing and organizing known injection techniques and POCs

Encrypted shellcode Injection to avoid Kernel triggered memory scans

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities.

NOCRT - simple replacement of some parts of C runtime library

Example of a functional anti debugger, protector.

Simple Kernelmode DLL Injector with Manual mapping

入侵痕迹清理/Cleaning up traces of intrusion

Simple and flexible programming language for applications development