A short and sweet WebSocket client for C++

A websocket library for Windows.

Collection of various malicious functionality to aid in malware development

Optimized implementation of RC4 (Rivest Cipher 4, ARCFOUR) in ASM (x64) for Linux and Windows.

无proto文件解析protobuf序列化后的内容

Hades HIDS/HIPS for Windows

Dumping DPAPI credz remotely

Recovering NTLM hashes from Credential Guard

Collection of knowledge about information security

Native API header files for the System Informer project.

A collaborative, multi-platform, red teaming framework

Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.

Portable Executable (PE) library written in .Net

Hunts out CobaltStrike beacons and logs operator command output

CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能

More than a ReClass port to the .NET platform.

ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.

Digital Forensics artifact repository

Repository for CLR Hosting and Diagnostic API native code samples.

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

Run PS1, VBS, CMD, EXE, MSI, Intunewin, MSIX, or extract ISO, ZIP in Windows Sandbox very quickly just from a right-click

A tool to create a JScript file which loads a .NET v2 assembly from memory.

Utilities for Sysmon

Windows Event Log Killer

Cobalt Strike插件 - RDP日志取证&清除

hydra

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.