The different ways to dump lsass

The Havoc Framework

FLARE Team's Binary Navigator

This repository contains my complete resources and coding practices for malware development using Rust 🦀.

Macro-header for compile-time C obfuscation (tcc, win x86/x64)

IPython console integration for IDA Pro

Configuration extractors/decryptors for various Windows malware families.

How to setup Pycharm to run scripts in IDA using the Run menu (or a keybind)

Reads and writes .NET assemblies and modules

Rapid7 Labs operates as the division of Rapid7 focused on threat research. It is renowned for providing comprehensive threat intelligence, research and analytics.

Python cross-version bytecode library and disassembler

Reports in .MD format

A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, and cloned/derivative RAT families.

Hide your P/Invoke signatures through other people's signed assemblies

A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to modiy and DM if you find s…

Configuration Extractors for Malware

protector & obfuscator & code virtualizer

Kernel Driver Utility

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

Nidhogg is an all-in-one simple to use rootkit for red teams.

Retrieve inner payloads from Donut samples

Remote Administration Tool for Windows

BlackLotus UEFI Windows Bootkit

Debugger Anti-Detection Benchmark

Recon 2023 slides and code

A tour of what some Rust language features look like after compilation.