A script to generate AV evaded(static) DLL shellcode loader with AES encryption.

An improved version of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.

Open source obfuscation tool for .NET assemblies

Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications

Secure software enclave for storage of sensitive information in memory.

Open-source reimplementation of the Cloudflare WARP client's MASQUE protocol.

Efficient RAT signature locator for bypassing AV/EDR, supporting static scanning and memory scanning.

Unsigned driver loader using CVE-2018-19320

The best powershell obfuscator ever made

Parser and reconciliation tooling for large Active Directory environments.

SACL Scanner is a tool designed to scan and analyze SACLs.

ACL Viewer for Windows

Self-hosted version of webtor.io implemented as an all-in-one Docker image

Pack/Encrypt/Obfuscate ELF + SHELL scripts

微信好友关系一键检测，基于微信ipad协议，看看有没有朋友偷偷删掉或者拉黑你

ForsHops

This is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974).

Cobalt Strike BOF for evasive .NET assembly execution

DNSChef (NG) - DNS proxy for Penetration Testers and Malware Analysts

An example reference design for a proposed BOF PE

Active Directory Firewall

Self Cleanup in post-ex job

Callstack spoofing using a VEH because VEH all the things.

Long-term trials of macOS apps

Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CVE-2020-17087 and an off-by-one overflow

This is my starred repositories including the description for each tool. Makes search/filter over them easier.

Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.