Stars
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine callbacks, PsSetCreateThreadNotifyRoutine callbacks, PsSetLoadImageNotifyRoutine callbacks...
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their server.
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
Open-source Windows and Office activator featuring HWID, Ohook, KMS38, and Online KMS activation methods, along with advanced troubleshooting.
Repository for the Microsoft Identity Tools PowerShell module which provides various tools for performing enhanced Identity administration activities.
Diaphora, the most advanced Free and Open Source program diffing tool.
Tools for interacting with authentication packages using their individual message protocols
A rewrite of the old legacy software "depends.exe" in C# for Windows developers to troubleshoot DLL load dependency issues.
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…
Collection of malware source code for a variety of platforms in an array of different programming languages.
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
The original sources of MS-DOS 1.25, 2.0, and 4.0 for reference purposes
An example of a client and server using Windows' ALPC functions to send and receive data.
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
Windows Local Privilege Escalation from Service Account to System
Research into Undocumented Behavior of Azure AD Refresh Tokens
HWSyscalls is a new method for executing indirect syscalls using hardware breakpoints (HWBP), HalosGate and a synthetic trampoline on kernel32.
Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
Collection of scripts to retrieve stored passwords from Veeam Backup
Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.
A small x64 library to load DLLs into memory.