Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

Centralized resource for listing and organizing known injection techniques and POCs

CPL remote trigger

Six Degrees of Domain Admin

A collection of various methods for adding user from windows

Mimikatz implementation in pure Python

Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation

Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.

BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.

Threadless Process Injection using remote function hooking.

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions

BOF for Kerberos abuse (an implementation of some important features of the Rubeus).

Trying to tame the three-headed dog.

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

免杀远控木马源码整理开源(银狐 winos 大灰狼 gh0st) Rat

PC免杀远控winos4.0成品

Mirror of the LuaJIT git repository

A BOF that runs unmanaged PEs inline

A list of useful Powershell scripts with 100% AV bypass (At the time of publication).

A Visual Studio template used to create Cobalt Strike BOFs

蓝队应急工具

EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.

Weaponize DLL hijacking easily. Backdoor any function in any DLL.

Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopeful…

Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.

An IDA Plugin that help analyzing module that use COM

A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…