Stars
Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w…
Dump the memory of any PPL with a Userland exploit chain
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemory.
A .NET OLE/COM viewer and inspector to merge functionality of OleView and Test Container
Set of tools to analyze Windows sandboxes for exposed attack surface.
Abusing impersonation privileges through the "Printer Bug"
AV/EDR evasion via direct system calls.
Hook system calls, context switches, page faults and more.
Proof-of-concept Windows driver for injecting a DLL into user-mode processes using APC
Privilege Escalation Enumeration Script for Windows
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Various tips & tricks
A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
A VBA implementation of the RunPE technique or how to bypass application whitelisting.
The ultimate WinRM shell for hacking/pentesting
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters