Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.

AES-256 Microsoft Cryptography API Example Use.

PoC module to demonstrate automated lateral movement with the Havoc C2 framework.

Encrypted shellcode Injection to avoid Kernel triggered memory scans (Caro-Kann)

New generation of wmiexec.py

Just another ntdll unhooking using Parun's Fart technique

HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.

The code is a pingback to the Dark Vortex blog:

Credential Guard Bypass Via Patching Wdigest Memory

OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.

Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting

Infect Shared Files In Memory for Lateral Movement

miscellaneous scripts and programs

Patch AMSI and ETW

PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners.

Deleting Shadow Copies In Pure C++

A program to encrypt a binary to bypass static detection and aid in loader or dropper development and hide your payload in the resource section.

Patching Event Tracing for Windows, by overwriting "call ntdll!EtwpEventWriteFull" inside ntdll!EtwEventWrite , the patched call do the actual Event Writing

Execute Remote Assembly with args passing and with AMSI and ETW patching

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.