The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digi…

Reflective PE loader that evades Volatility's malfind by exploiting VAD AllocationProtect immutability

The lazier way to manage everything docker

Run Windows apps on 🐧 Linux with ✨ seamless integration

All-in-one Mail & Collaboration server. Secure, scalable and fluent in every protocol (IMAP, JMAP, SMTP, CalDAV, CardDAV, WebDAV).

The Exhume ToolKit umbrella repository

physical memory introspection framework

macOS persistence mechanism scanner with code signature verification and timeline tracking.

BASIC compiler. Run programs directly, or compile to 32/64 bit binary. Supports C headers and assembly code. Supports Unicode source scripts.

Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.

A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container

Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective

POCs for CVE-2025-50154 and CVE-2025-59214, zero day vulnerabilities on windows file explorer disclosing NTLMv2-SSP without user interaction. It is a bypass for the CVE-2025-24054 Security Patch

Linux Rootkit (x86-64 / ARM64) that stealth hides processes, files, and sockets, hooks syscalls, encrypts traffic, and bypasses SELinux / AppArmor.

Rust Linux Kernel Module designed for LKM rootkit detection

Payload Development Kit

Indirect-Shellcode-Executor expoits the miss-configuration/vulnerability present on the API Windows method ReadProcessMemory discovered by DarkCoderSc. It exploits the nature of the in/out pointer …

Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket

macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR

an open source, extensible AI agent that goes beyond code suggestions - install, execute, edit, and test with any LLM

A quick capture plugin for Obsidian, all data from your notes.

An open-source, cross-platform terminal for seamless workflows

Digital forensics for Google Drive—done right. Identify, preserve, and document cloud evidence with hash verification, timeline reconstruction, and defensible reporting for typical DLP cases.

DeNA社内で実施したLLM勉強会の資料とソースコード

Living Under the Land on Linux ~ BSides Belfast 2025

collection of blogs about malware development and analysis

Immutable Linux OS to run Incus

An application to analyze the EML file

A Windows Kernel Driver Emulator base on Unicorn, Kernel Memory Dump and some of native environment

Extract and Visualize Data from URLs using Unfurl