寻找可利用的白文件

Resolve the issue of DLLmain function in white and black DLLs hanging when calling shellcode

Run IDA scripts headlessly.

lightyear is a tool to dump files in tedious (blind) conditions using PHP filters

免杀远控木马源码整理开源(银狐 winos 大灰狼 gh0st) Rat

OrcaC2是一款基于Websocket加密通信的多功能C&C框架，使用Golang实现。

Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

常见反沙箱反虚拟机总结

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Port Scanner & Banner Identify From TianXiang

📚 PUA 书籍

This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callb…

Shikata ga nai (仕方がない) encoder ported into go with several improvements

A Tool that aims to evade av with binary padding

sing-box GUI 用户界面、可视化、前端程序

grs内网穿透工具通过reality协议隐藏特征

一款适用于红蓝对抗中的仿真钓鱼系统

create schtasks bypass AV

Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL

a self-hosted disposable mail service

Obfusheader.h is a portable header file for C++14 compile-time obfuscation.

Minichat，Go语言实现的极简、极轻、无痕、匿名的聊天工具。

Nemo是用来进行自动化信息收集的一个简单平台，通过集成常用的信息收集工具和技术，实现对内网及互联网资产信息的自动收集，提高隐患排查和渗透测试的工作效率。

A Windows rootkit that turns user-land processes into Protected Processes

SO_REUSEADDR和SO_REUSEPORT测试

GoRat is a fast and efficent Remote Access Trojan built in GoLang.

A C2 Remote Access Trojan

Msmap is a Memory WebShell Generator.