Multiplayer pivoting solution

A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs

WhoAmI by asking the LDAP service on a domain controller.

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.

SAM Dumping in C#

助力每一位RT队员，快速生成免杀木马

The code is a pingback to the Dark Vortex blog:

Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

Indirect Syscall implementation to bypass userland NTAPIs hooking.

Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections

External Base for researching Shadow Regions in Valorant

Execute shellcode files with rundll32

An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

Kernel mode to user mode dll injection

The easiest way to run WireGuard VPN + Web-based Admin UI.

Anvilogic Forge

Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code.

Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.

A bunch of scripts and code i wrote.

AICI: Prompts as (Wasm) Programs

A massively parallel, high-level programming language

A fast compressor/decompressor

General malware analysis stuff

A simple multiplatform command line search tool for Windows API.

A command line Windows API tracing tool for Golang binaries.

IDA plugin that resolves PPL calls to the actual underlying PPL function.

金蝶星空云反序列化漏洞内存马