Stars
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
It's a Go variant of Hell's Gate! (directly calling Windows kernel functions, but from Go!)
Enumerate and disable common sources of telemetry used by AV/EDR.
GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE.
Adaptive DLL hijacking / dynamic export forwarding
APC DLL Injector with NtQueueApcThread and wake up thread support
Weaponizing Gigabyte driver for privilege escalation and PPL bypass
Visual Studio (C++) Solution Template for Payloads
AV/EDR evasion via direct system calls.
Tools for discovery and abuse of COM hijacks
This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemory.
PoC for Bypassing UM Hooks By Bruteforcing Intel Syscalls
XOR encryption implementations for several languages.
The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
Vectored Exception Handling Hooking Class
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
How To Execute Shellcode via HTA
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Automated Collection and Enrichment Platform
APT & CyberCriminal Campaign Collection