Stars
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Proxy performance batch tester based on Shadowsocks(R) and V2Ray
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
Collection of various malicious functionality to aid in malware development
Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
Loading a remote AES-encrypted PE in memory, decrypting it and running it
Supports all Windows versions
Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
Tool to extract passwords from TeamViewer memory using Frida
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region.
An implementation and proof-of-concept of Process Forking.
Proof of concept code for thread pool based process injection in Windows.
NidhoggScript is a tool to generate a "script" file that allows execution of multiple commands for Nidhogg