Disks for DMA

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk

A Blind EDR Project for Educational Purposes

A reflective DLL development template for the Rust programming language

A cross platform C2/post-exploitation framework.

基于Tinynuke修复得到的HVNC

Compile a windows client

[AdaptixC2] 多语言支持

Prevent in-process process termination by patching exit APIs

Evasive shellcode loader

A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.

A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.

demo unhooking functions in ntdll

Build sneaky & malicious LNK files.

一款高性能 HTTP 代理隧道工具 | A high-performance http proxy tunneling tool

LSASS Credential Dumper that utilizes the Windows API, in-memory RC4 encryption and Base64 encoding, and HTTPS exfiltration.

Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs

My collection of malware dev links

An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.

An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.

Multilayered AV/EDR Evasion Framework

Cobalt Strike random C2 Profile generator

Replace the .txt section of the current loaded modules from \KnownDlls\

A modern, portable, easy to use crypto library.

RunPE implementation with multiple evasive techniques (2)

Move CS beacon to GPU memory when sleeping

A post exploitation framework designed to operate covertly on heavily monitored environments

Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind