Maldev
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
Rust Weaponization for Red Team Engagements.
Portable Executable reversing tool with a friendly GUI
Hook system calls, context switches, page faults and more.
Rusty Rootkit - Windows Kernel Rootkit in Rust (Codename: Eagle)
Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
Zig bindings for Win32 generated by https://github.com/marlersoft/zigwin32gen
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess)
A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtC…
Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut
Custom Metasploit post module for executing a .NET assembly from a Meterpreter session
Shikata ga nai (仕方がない) encoder ported into Go with several improvements
AV/EDR evasion via direct system calls.
Drive-by data exfiltration using open WiFi networks & DNS requests
PoC Implementation of a fully dynamic call stack spoofer
A PoC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…
Obfuscate specific Windows APIs with different APIs
A modern, mod-independent open source cheat for Enemy Territory




