PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
Shellcode Loader Utilizing ETW Events
Hunt for SQLite files used by various applications
🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & Scraper
OFFZONE 2024 Malware Persistence workshop
A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight, Unified Logs, user data and many more, while preserving the…
Pure Malware Development Resource Collections
PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection rules, simulate logs, and undertake various security tasks,…
Attack and defend active directory using modern post exploitation adversary tradecraft activity
Early cascade injection PoC based on Outflank's blog post, written in Rust
This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you select the EVTX file and specify a time for correlating login and…
This repository is a compilation of all APT simulations that target many vital sectors, both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation tech…
Finds event logs between two time points. Useful for helpdesk/support/malware analysis.
Event Tracing For Windows (ETW) Resources
A utility for playing with cryptography, geared towards ransomware analysis.
Chiron Unpacker, developed by the Malwation MTR Team, is an Unpacker for Packers using the Assembly.Load function.
A deobfuscator for scripts obfuscated by Obfuscator.io
Elastic Malware Benchmark for Empowering Researchers