Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Proxy performance batch tester based on Shadowsocks(R) and V2Ray

🔥Open source RASP solution

A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.

x64 binary obfuscator

Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.

Collection of various malicious functionality to aid in malware development

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

Support ALL Windows Version

UAC bypass by abusing RPC and debug objects.

PE bin2bin obfuscator

Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.

tool to extract passwords from TeamViewer memory using Frida

An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer

Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.

An implementation and proof-of-concept of Process Forking.

Simple x86/x64 Assembler/Disassembler/Emulator

Proof of concept code for thread pool based process injection in Windows.

NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg