Rusty Mimikatz - All credits to: github.com/ThottySploity/mimiRust (Original author deleted account so I uploaded for community use)

4个 .soap 版本的WebShell（持续更新维护），优点：可以运行于子目录，突破了过去只能运行于根目录的限制。4个脚本分别支持调用cmd.exe/哥斯拉/冰蝎/天蝎 客户端。

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

burpsuite passive-scan-client 插件持续维护分支 v2024

SessionKey解密插件

shellcode免杀加载器，过主流杀软

shiro 反序列 命令执行辅助检测工具

互联网数字垃圾回收专用废纸篓

Apply a divide and conquer approach to bypass EDRs

ISG lets you use YouTube as cloud storage for ANY files, not just video

SoulExtraction is a windows driver library for extracting cert information in windows drivers

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

Improved version of EKKO by @5pider that Encrypts only Image Sections

Identify and exploit leaked handles for local privilege escalation.

Collection of PoC and offensive techniques used by the BlackArrow Red Team

Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak

Threadless Process Injection using remote function hooking.

Hook all callbacks which are registered with LdrRegisterDllNotification

HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.

Just another ntdll unhooking using Parun's Fart technique

Black box fuzzer for web applications

A tool that shows detailed information about named pipes in Windows

Information and PoC about the ENLBufferPwn vulnerability

Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do

Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscall instruction address resolving at run time

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

This map lists the essential techniques to bypass anti-virus and EDR

Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime

different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table