Virtual Machine Encryption for .NET

I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning path for me.

A beacon object file implementation of PoolParty Process Injection Technique.

Recursive Loader

Tiny cross-platform HTTP / HTTPS client library in C.

A small utility to modify the dynamic linker and RPATH of ELF executables

RpcView is a free tool to explore and decompile Microsoft RPC interfaces

Nameless C2 - A C2 with all its components written in Rust

A tool matrix for Russian APTs based on the Ransomware Tool Matrix

Command line interface to dump LSASS memory to disk via SilentProcessExit

使用MiniDumpWriteDump与RtlReportSilentProcessExit实现提取lsass.dmp的工具

Some Code Samples for Windows based Inter-Process-Communication (IPC)

Collection of undocumented Windows API declarations.

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for m…

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…

NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-build support

A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff.

Run Rubeus via Rundll32

Nerd fonts patched Sarasa Gothic font.

Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file... and generate the Minidump later!

GetModuleHandle implementation in C# using only NtQueryInformationProcess by walking the PEB

Retrieve a list of loaded modules of a remote process in Windows, using NtQueryInformationProcess via SysWhispers3

Cargo subcommand to build a crate into shellcode

An Excellent OSINT tool to get information of any ip address. All details are explained in below screenshot

Leverage WindowsApp createdump tool to obtain an lsass dump

Bypass LSA protection using the BYODLL technique

Leaked Windows processes handles identification tool