Modular C2 loader featuring dynamic function encryption, in-memory payload support, and a covert DoH command channel, configurable via a Python builder and a Node.js web panel.

A Proof-of-Concept implementation of Reflective DLL Injection (RDI) specifically for Windows on ARM64. Demonstrates PEB access via the x18 register and manual DLL mapping.

Multilayered AV/EDR Evasion Framework

A basic C2 framework written in C

Windows C++ Implant for Exploration C2

TeamServer and Client of Exploration Command and Control Framework

Encrypted shellcode Injection to avoid Kernel triggered memory scans

AV bypass while you sip your Chai!

A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader

Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows

HookChain: A new perspective for Bypassing EDR Solutions

lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.

Small and convenient C2 tool for Windows targets. [ Русский -- значит нахуй! ]

A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.

Windows NTLMSSP library

The Definitive Guide To Process Cloning on Windows

Creatively retrieve module base, teb, peb or function base

beta

Cross-platform proxy resolution library written in C.

Patch (block) whatever function you want in a remote process. Adding a ret instruction at the first memory address of this function, the target function will be exited automatically all the times c…

Reflective DLL Injection Made Bella

various methods of making API calls

Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution

Prime a process for injection when S1 is present

Standalone Metasploit-like XOR encoder for shellcode

VM detection library and tool

Code samples that serve as references for Windows API functions