PE bin2bin obfuscator

C++ 17 or higher control flow obfuscation library for windows binaries

Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes

Quickly find differences and similarities in disassembled code

A Cross-Platform C++ parser library for Windows user minidumps with Python 3 bindings.

The Windows Research Kernel (WRK)

miniz: Single C source file zlib-replacement library, originally from code.google.com/p/miniz

HTTP 403 bypass tool

IDA Plugin to automatically identify and set enums for standard functions

An IDA Plugin that help analyzing module that use COM

A tool that is used to hunt vulnerabilities in x64 WDM drivers

Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares

Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver

Finding Truth in the Shadows

Proofs-of-concept

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

Bootkit for Windows Sandbox to disable DSE/PatchGuard.

MemProcFS

generate CobaltStrike's cross-platform payload

Reverse Engineer's Toolkit

library for importing functions from dlls in a hidden, reverse engineer unfriendly way

Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.

Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8

Drone Hacking Tool is a GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.

An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer

Platform that enables Windows driver development in Rust. Developed by Surface.

Vulnerabilities you my miss during a penetration testing.

Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unauthorized modifications to the Windows kernel. The analysis is…