Evade EDR's the simple way, by not touching any of the API's they hook.

The Browser Exploitation Framework Project

Static Code Analysis - 静态代码分析

A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering

Get IP address on other side audio call in Telegram.

Binary Hollowing

StoneKeeper C2, an experimental EDR evasion framework for research purposes

Official code repo for the O'Reilly Book - "Hands-On Large Language Models"

一款轻量化可定制模板的邮件批量发送工具 | 可用于攻防钓鱼或其他邮件个性化的场景 | 可启动JavaFX或SpringWeb环境

Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.

一个手动或自动patch shellcode到二进制文件的免杀工具/A tool for manual or automatic patch shellcode into binary file oder to bypass AV.

Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.

Agent responsible for detecting remote vulnerabilities, a robust scanner.

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…

Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js

A collection of Server-Side Prototype Pollution gadgets and exploits

《Windows 内核安全编程技术实践》 系列丛书，探索 Anti RootKit 反内核工具核心原理与技术实现细节。

Mentally ill EtwTi parser

Build your personal docker-compose.yml file for Monero services.

Execute dotnet app from unmanaged process

Bthub最新地址发布页

All the private and public audits that I have worked on.

Post-exploitation Tool For Windows

让"WAF绕过"变得简单

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1400多个poc/exp，长期更新。

jumpserver解密secret

A Rust-based dropper for shellcode payloads.

Slides for COM Hijacking AV/EDR Talk on 38c3

TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of t…