Collection of scripts to retrieve stored passwords from Veeam Backup

Matkap - hunt down malicious Telegram bots

My POC implementation of HVNC (Hidden VNC / Hidden Desktop)

Linux-based botnet builder designed for creating advanced botnet payloads.

An NFC research toolkit application for Android

POC exploit for CVE-2024-49138

ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features.

Stage 0

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

AV/EDR Lab environment setup references to help in Malware development

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callb…

Now You See Me, Now You Don't

LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission.

Inject RDPThief into memory with PowerShell.

Extracting Clear Text Passwords from mstsc.exe using API Hooking.

Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs

EDR & Antivirus Bypass to Gain Shell Access

Extract credentials from lsass remotely

Nameless C2 - A C2 with all its components written in Rust

Leverage WindowsApp createdump tool to obtain an lsass dump

403/401 Bypass Methods + Bash Automation + Your Support ;)

Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machies

a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http …