Stars
Agent for AdaptixC2 with a focus on evasion, capability and malleability.
Reflective shellcode loader with advanced call stack spoofing and .NET support.
Code execution/injection technique using DLL PEB module structure manipulation
Centralized resource for listing and organizing known injection techniques and POCs
Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
Simple C++ Visual Studio project that doesn't use the C/C++ runtime.
This project aims to compare and evaluate the telemetry of various EDR products.
A centralized resource for previously documented WDAC bypass techniques
Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
A Flask-based HTTP(S) command and control (C2) framework with a web interface. Custom Windows EXE/DLL implants written in C++. For educational use only.
Win32 and Kernel abusing techniques for pentesters
PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
Collection of various malicious functionality to aid in malware development
A PoC implementation for dynamically masking call stacks with timers.
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via System…
A tool to find folders excluded from AV real-time scanning using a time oracle
Malware development for red teaming workshop
mgeeky / ScareCrow
Forked from optiv/ScareCrow. ScareCrow - Payload creation framework designed around EDR bypass.
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it wi…
A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.