Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Port of Cobalt Strike's Process Inject Kit

BSides Prishtina 2024 Malware Development and Persistence workshop

HVNC for Cobalt Strike

⚠️ malware development

Checklists for Testing Security environment

FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading

My shellcodes (or shellcodish-things) written for educational purpose in NASM assembly.

Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.

PDF dropper Red Team Scenairos

This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace.

Customizable Linux Persistence Tool for Security Research and Detection Engineering.

A script to automatically install Peda+pwndbg+GEF plugins for gdb

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry…

Penetration Testing with Shellcode, published by Packt

smbclient-ng, a fast and user friendly way to interact with SMB shares.

Credentials recovery project

Open-source Windows and Office activator featuring HWID, Ohook, KMS38, and Online KMS activation methods, along with advanced troubleshooting.

Macro-header for compile-time C obfuscation (tcc, win x86/x64)

Cobalt Strike HTTPS beaconing over Microsoft Graph API

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

DarkGPT is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your t…

This is a multi-use bash script for Linux systems to audit wireless networks.

Minimal Arch Installation with KDE Plasma Desktop from scratch.

Golang reverse proxy with CobaltStrike malleable profile validation.

Hide your P/Invoke signatures through other people's signed assemblies

This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditiona…

a tool to help operate in EDRs' blind spots