Stars
Ryūjin Protector - Is an Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.
Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code.
Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.
Raigeki is a Rust-based shellcode loader that writes memory via APCs using NtQueueApcThread and RtlFillMemory.
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
bypassing intel txt's tboot integrity checks via coreboot shim
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
Collection of codes focused on Linux rootkits
Browser extension that leverages TruffleHog and Native Messaging Hosts to scan web traffic in real-time for exposed secrets
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry…
An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
A collection of various vulnerable (mostly physical memory exposing) drivers.
A mitigation for the page table entry based side-channel attack against SGX enclaves.
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
Username enumeration and password spraying tool aimed at Microsoft O365.
Source code of a multiple series of tutorials about the hypervisor. Available at: https://rayanfam.com/tutorials
Small toolkit for extracting information and dumping sensitive strings from Windows processes
This is a way to load a shellcode and obfuscate it, so it avoids scantime detection.
The Browser Exploitation Framework Project
A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.