- Viet Nam
- https://mr-r3bot.github.io
Starred repositories
This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, C2 servers, backdoors, exploitation techniques, stage…
Server/Client SOCKS5 (RFC 1928) in Reverse mode on Windows
A Rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library
Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.
dobin / defender2yara
Forked from t-tani/defender2yara
Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB
Exposing CharmingKitten's malicious activity for IRGC-IO Counterintelligence division (1500)
A list of OSINT tools & resources for (fraud-)investigators, CTI-analysts, KYC, AML and more.
A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass
Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Simulate per-process disconnection in red team environments
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
A tool to transform Chromium browsers into a C2 Implant
A list of Python tools to help create an OPSEC-safe Cobalt Strike profile.
Reverse shell implant using full API emulation and virtualization for advanced EDR evasion. By abstracting execution and simulating system API calls inside a virtual machine, the implant bypasses t…
A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
A collection of tools, scripts and personal research
mkaring / ConfuserEx
Forked from yck1509/ConfuserEx
An open-source, free protector for .NET applications
FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading
A high-performance, highly flexible and extensible automated scanning engine for red teams



