PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
Updated Sep 26, 2023 - C
Generic PE loader for fast prototyping evasion techniques
Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
A Dropper POC with a focus on aiding in EDR evasion: NTDLL unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via the SystemFunction033 NtApi and no new thread via Fiber.
IPv6 address rate limiting evasion tool (that also supports IPv4)
A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process, spawning a POWERSHELL on the attacker machine.
Bypass Event Tracing for Windows (ETW) and unhook ntdll.
Take a screenshot without injection for Cobalt Strike
Proof-of-Concept to evade auditd by writing /proc/PID/mem
A repository dedicated to researching, documenting, developing, and ultimately, defending against various strains of malicious software.
Proof-of-Concept to evade auditd by tampering via ptrace
512-bit block encryption algorithm, specifically for x64
Simple but effective methods to avoid being detected by antivirus