Lists (32)
APT stuff
azure
Blue
BOFs
C2
C2 infrastructure
Cloud security
cobalt strike
EDR-evasion
Elevation
exploit
🔮 Future ideas
initial access
Injections
kernel
languages
Lateral movement
Linux offensive
maldev
persistence
personal
pillaging
privesc
privilege escalation
reconnaissance
Red team tools
reverse engineering
rootkit
SCCM
sideloading
web tools
wininternals
Stars
Red teaming tool to dump LSASS memory, bypassing common countermeasures.
BOF to steal browser cookies & credentials
Run your own AI cluster at home with everyday devices 📱💻 🖥️⌚
Early Cascade injection PoC based on Outflank's blog post
AV/EDR Lab environment setup references to help in Malware development
Tool to decrypt App-Bound encrypted keys in Chrome 127+, using the IElevator COM interface with path validation and encryption protections.
Nuke It From Orbit - remove AV/EDR with physical access
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callb…
lsassdump via RtlCreateProcessReflection and NanoDump
Generate a proxy DLL for an arbitrary DLL
Simple tool to configure the Windows Filtering Platform (WFP), which can control network activity on your computer.
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the ori…
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
Dynamically resolve API function addresses at runtime in a secure manner.
Dump Chrome cookies remotely with atexec and CDP
This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository…
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
Using LNK files and user input simulation to start processes under explorer.exe
Collection of UAC Bypass Techniques Weaponized as BOFs