This is your work, valued
EDR-Preloader. An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
553TrickBot-Toolkit. A collection of tools for dealing with TrickBot
205EDRception. A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
202TinyXPB. Windows XP 32-Bit Bootkit
148ZombifyProcess. Inject code into a legitimate process
146AppContainerSandbox. An example sandbox using AppContainer (Windows 8+)
141CreateDesktop. Example application for creating multiple desktops on Windows
137FakeMBR. TDL4 style rootkit to spoof read/write requests to master boot record
134CitrixHoneypot. Detect and log CVE-2019-19781 scan and exploitation attempts.
120BasicHook. x86 Inline hooking engine (using trampolines)
99Log4jTools. Tools for investigating Log4j CVE-2021-44228
94HiddenDesktop. Create and enumerate hidden desktops.
91FstHook. A library for intercepting native functions by hooking KiFastSystemCall
74UACElevator. Passive UAC elevation using dll infection
73RDGScanner. A proof-of-concept scanner to check an RDG Gateway Server for vulnerabilities CVE-2020-0609 & CVE-2020-0610.
68CVE-2024-47176-Scanner. A simple scanner for identifying vulnerable cups-browsed instances on your network
66ExifSmugglingPoC. A Proof-of-Concept using Cache Smuggling + Exif data to passively download a second stage payload
65SpookySSLTools. Example tools for detecting software using OpenSSL 3.0.0 - 3.0.6 (vulnerable to latest unnamed vulnerability)
43MSDIA-x64. Enable Microsoft PDB support in Ghidra without installing Visual Studio
37FollinaExtractor. Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files
31SimpleEpollServer. An example epoll imlementation with C++11
29ComoDoS. A remote denial-of-service zero day vulnerability in Comodo Internet Security firewall
12PhaseHack. Phase C&C Blind SQL Injection
9NeutrinoBotHack. SQL injection in Neutrino panel
8PhaseDump. Python tool for decrypting W32/Phase modules
7