Stars
PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin
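TL-NodeJsShell is a comprehensive WebShell management platform designed for security professionals and penetration testers. It provides a modern web interface for managing Node.js-based shells, with advanced features such as memory-shell injection, command execution, file management, and proxy support.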
Shellcode injection using the Windows Debugging API
An awesome list of honeypot resources
Smart keylogging capability to steal SSH Credentials including password & Private Key
A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes. It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.ex…
Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique
Use of in-memory string scans to outsmart reverse engineers
An AI SKILL that provides design intelligence for building professional UI/UX across multiple platforms
Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuses KeServiceDescriptorTable (SSDT), persistence and filesystem.
Guardian is a production-ready AI-powered penetration testing automation CLI tool that leverages Google Gemini and LangChain to orchestrate intelligent, step-by-step penetration testing workflows w…
A mapper that maps shellcode into loaded large page drivers
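A WeChat RPA that still works! Supports the WeChat 4.0 series. pywechat is a Windows desktop WeChat automation tool built on pywinauto that implements essentially all of the built-in operations of the PC WeChat client.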
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
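A tool written in Golang which compresses using UPX and patches it with the provided PE file so that the "UPX -d" flag cannot decompress it; it also bypasses the "modified UPX" in DIE
Backup of the official ARL repository plus a fingerprint-adding tool: ARL (Asset Reconnaissance Lighthouse) is designed to quickly reconnoiter internet assets associated with a target and build a baseline asset information database. It helps in-house security teams or penetration testers effectively reconnoiter and search assets and discover weak points and attack surface.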
Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks
Load a dynamic library from memory by modifying the native Windows loader
Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.
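AV-evasion knowledge base | Testing open-source AV-evasion trojans against 360, Huorong, Kaspersky, Microsoft Defender | Collection of AV-evasion tools
WiFi password brute-force tool with a graphical interface; supports WPA/WPA2/WPA3, multiple concurrent instances, automatic cracking, custom password lists, and automatic password dictionary generation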