Stars
A full-fledged RtlVectoredExceptionHandler code written from scratch.
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
This repository contains a list of python scripts to work with Microsoft RPC for research purposes.
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
The FLARE team's open-source tool to identify capabilities in executable files.
Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Cobaltstrike Reflective Loader with Synthetic Stackframe
Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
A shellcode obfuscation technique using existing files on the target machine
Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
xforcered / RemoteMonologue
Forked from 3lp4tr0n/RemoteMonologue. Weaponizing DCOM for NTLM Authentication Coercions
CVE Finder - Vulnerability Lookup & GitHub Repository Search
Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
Rust ADB (Android Debug Bridge) client library
🧙♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
CKGFuzzer: LLM-Based Fuzz Driver Generation Enhanced By Code Knowledge Graph
tool for enumeration & bulk download of sensitive files found in SharePoint environments
PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager