Lists (6)
C2 Repos
Repos related to open source C2 frameworks
Evasion Repos
All the repos related to EDR, AV and defense evasion
Malwares
All the source code of famous malware
My Projects
All projects that I've created
Threat Hunting
All the tools and code related to threat hunting
Windows Internals Repos
All the tools, notes and repos related to Windows internals
Starred repositories
This repository is a compilation of all APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation tech…
Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
C2 Infrastructure Automation
Indirect Syscall implementation to bypass userland NTAPIs hooking.
PhantomsGate: Advanced Shellcode Injection Technique
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4 (https://bruteratel.com/)
EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual.
A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
The Swiss army knife of evasion tools that bypasses AMSI, AppLocker, and CLM mode simultaneously.
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…
ROP-based sleep obfuscation to evade memory scanners
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.
Source generator to add D/Invoke and indirect syscall methods to a C# project.
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...
Demonstration of Early Bird APC Injection - MITRE ID T1055.004
EternalHush - new free advanced open-source c2 framework
APT-Hunter is a Threat Hunting tool for Windows event logs, made with a purple team mindset, to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover su…
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
C++ code to inject obfuscated shellcode into a remote process memory.