Stars
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
A repository of sysmon configuration modules
POC tool to convert CobaltStrike BOF files to raw shellcode
PowerShell rebuilt in C# for Red Teaming purposes
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
Shikata ga nai (仕方がない) encoder ported into go with several improvements
An open-source Windows Defender manager. Now you can disable Windows Defender permanently.
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler
Interactive, dynamic, and realistic LLM honeypots
Enumerate and disable common sources of telemetry used by AV/EDR.
Event Tracing For Windows (ETW) Resources
CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
A distributed task scheduling framework (distributed task scheduling platform XXL-JOB).
Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
A database privilege-escalation automation tool written in Go, supporting privilege escalation, command execution, brute-forcing and SSH connections for MySQL, MSSQL, PostgreSQL, Oracle and Redis databases.
Port of Cobalt Strike's Process Inject Kit
Windows - Weaponizing privileged file writes with the Update Session Orchestrator service