I may be slow to respond.
  • Morocco

Sponsors

@djalal


Educational collection of LLVM obfuscation passes. (Feel free to use it for your course)

Makefile 34 8 Updated Nov 16, 2025

KQL Queries. Microsoft Defender, Microsoft Sentinel

JavaScript 832 150 Updated Feb 25, 2026

Resolve offsets, gadgets and symbols from NTKernel

C++ 56 6 Updated Jan 15, 2026

A small toolkit for generating ClickOnce payloads with AppDomainManager Injection.

Python 17 1 Updated Nov 5, 2025

A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO

Python 236 17 Updated Aug 25, 2024

Advanced Windows authentication token extraction and decryption tool for red team operations and security research

C# 84 18 Updated Dec 30, 2025

AppLocker-Based EDR Neutralization

C 321 44 Updated Dec 19, 2025

Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code.

C++ 297 33 Updated Dec 10, 2025
C++ 48 7 Updated Nov 26, 2025

PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.

C++ 180 22 Updated Sep 11, 2025

Binary Exploitation Phrack CTF Challenge

C 70 12 Updated Aug 21, 2025

Driver Reverse & Exploitation

C 82 15 Updated Sep 4, 2025

x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration

C++ 388 71 Updated Jul 6, 2022

Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode

C++ 163 43 Updated Jul 31, 2022

Proof of Concepts code for Bring Your Own Vulnerable Driver techniques

C 210 30 Updated Aug 21, 2025

Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows Filtering Platform (WFP).

C 264 34 Updated Sep 23, 2025

Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

Rust 515 51 Updated Feb 15, 2026

A series of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W

C++ 116 23 Updated Oct 19, 2025

Proof of Concepts code for Bring Your Own Vulnerable Driver techniques

C 91 24 Updated Aug 21, 2025

Enumerate active EDRs on the system

C 150 24 Updated Sep 23, 2025

BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology (CVE-2025-52915, CVE-2025-1055).

Rust 593 90 Updated Feb 24, 2026

Decrypt and Patch strings obfuscated with Appfuscator. Tested on Gremlin Stealer.

C# 14 Updated Nov 10, 2025

protector & obfuscator & code virtualizer

C++ 681 46 Updated Feb 26, 2026

Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible

C++ 270 38 Updated Jun 18, 2025

User-mode code and its rootkit that will kill EDR processes permanently by leveraging Process Creation Blocking kernel callback routine registration and ZwTerminateProcess.

C++ 256 51 Updated Jun 10, 2025

PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are relayed through Issues and Comments for maximum stealth.

Python 45 6 Updated Jul 9, 2025

Obfuscate the bytes of your payload with an association dictionary

Python 75 16 Updated Nov 7, 2025

ShadowPhish is an advanced APT awareness toolkit designed to simulate real-world phishing, malware delivery, deepfakes, smishing/vishing, and command & control attacks through an intuitive graphica…

Python 226 29 Updated Apr 18, 2025

POC of a better implementation of GetProcAddress for ntdll using binary search

C 111 14 Updated Apr 8, 2024

DocPLZEx-Slack

C++ 6 1 Updated Jul 6, 2025