Stars
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine...
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes, etc.
darkPulse is a shellcode packer written in Go that generates a wide variety of shellcode loaders and evades Huorong, 360 Core Crystal (核晶) and other antivirus products common in China.
MemoryModule which is compatible with the Win32 API and supports exception handling
Simulate the behavior of AV/EDR for malware development training.
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
Stealing Signatures and Making One Invalid Signature at a Time
The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
Zero-Day Code Injection and Persistence Technique
My implementation of enSilo's Process Doppelganging (PE injection technique)
C++ self-Injecting dropper based on various EDR evasion techniques.
Windows Driver Development Techniques Explained in Detail (book), by Zhang Fan and Shi Caicheng
A series of articles on remote-control (RAT) AV evasion with accompanying tools: collects and tests dozens of AV-evasion tools found on the Internet, 113 whitelist-based evasion methods, 8 code-compilation evasion methods and several hands-on evasion techniques, testing the evasion result of each one by one, to serve as a reference both for RAT AV evasion and for antivirus products countering it.
ScareCrow - Payload creation framework designed around EDR bypass.
sbousseaden / injection-1 (forked from jymcheong/injection): Windows process injection methods
Native API header files for the System Informer project.
Process injection methods on Windows: remote thread injection, create-process-suspended injection, reflective injection, APC injection, SetWindowsHookEx injection
Some ways to inject a DLL into a live process
rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.
PoC memory injection detection agent based on ETW, for offensive and defensive research purposes