Stars
Tesseract Open Source OCR Engine (main repository)
aria2 is a lightweight multi-protocol & multi-source, cross platform download utility operated in command-line. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink.
The Next Generation of Anti-Rootkit (ARK) tool for Windows.
A cross-platform shadowsocks GUI client
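Security knowledge framework maintained by the ffffffff0x team, covering, but not limited to, web security, industrial control system security, forensics, incident response, blue team infrastructure deployment, post-exploitation, Linux security, and writeups for various target machines.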
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
kill anti-malware protected processes (BYOVD) (Microsoft Won)
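This is a project based on the gh0st remote control tool, intended to give myself a deeper understanding of how remote control works. It uses VS2017. The default branch, hijack, is still being modified and cannot run; the project on the master branch runs normally, and you can switch to that branch to view code that can be executed.
Adds a user using the Windows API; can be used when net is unavailable. Available in a Nim version, a C++ version, an RDI version, and a BOF version.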
UnhookMe is a universal Windows API resolver & unhooker addressing the problem of invoking unmonitored system calls from within your Red Team's malware
Implements a BypassAV add-user function via reflective DLL injection, Win API, C#, and a low-level implementation of NetUserAdd, packaged as a Cobalt Strike plugin
Credential Guard Bypass Via Patching Wdigest Memory
AmsiHook is a project I created to figure out a bypass to AMSI via function hooking.
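Pops up a cmd command line with SYSTEM privileges when sufficient privileges are available; includes both exe and dll file types, and can be used for testing some possible local privilege escalation vulnerabilities.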