Malware technology
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Small and highly portable detection tests based on MITRE's ATT&CK.
Reproducing the Spyboy technique to terminate all EDR/XDR/AV processes
Useful C2 techniques and cheat sheets learned from engagements
Evasive shellcode loader for bypassing event-based injection detection (PoC)
BloodyAD is an Active Directory Privilege Escalation Framework
darkPulse is a shellcode packer written in Go that generates a wide variety of shellcode loaders, evading Huorong (火绒), 360 Core Crystal (360核晶) and other antivirus products common in China.
Rust for Malware Development is a repository of advanced red-team techniques and offensive malware and ransomware, focused on Rust 🦀
This map lists the essential techniques to bypass anti-virus and EDR
Kernel rootkit that lives inside Windows registry value data
CSLoader is a general-purpose obfuscation and anti-virus evasion tool based on a reimplementation of the LLVM project obfuscator (https://github.com/obfuscator-llvm/obfuscator).
Set of tools to analyze Windows sandboxes for exposed attack surface.
Kotoamatsukami is an obfuscator based on LLVM 17 that uses LLVM's new pass manager to implement plug-in support, for obfuscating multiple languages and platforms.
AdaptixC2 is a highly modular, advanced red-team toolkit
DLL injection through code page ID modification in the registry. Based on Jonas Lykk's research
no-defender re-upload; all credit goes to https://github.com/es3n1n/no-defender
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their server.
.NET assembly loader with patchless AMSI and ETW bypass
A project that demonstrates embedding shellcode payloads into image files (like PNGs) using Python and extracting them using C/C++. Payloads can be retrieved directly from the file on disk or from …
A novel way of using NtQueueApcThreadEx for stealthy code injection: abuse the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget as the routine.
Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
Cobalt Strike Malleable C2 Design and Reference Guide
Nimbo-C2 is yet another (simple and lightweight) C2 framework
PowerShell command-and-control (C2) framework with built-in commands