Proof-of-concept for CVE-2025-49844

Automated Yara Rule generation using Biclustering

capemon: CAPE's monitor

备份的漏洞库，3月开始我们来维护

Cobalt Strike BOF for evasive .NET assembly execution

A small utility to modify the dynamic linker and RPATH of ELF executables

about how to make a anti-virus engine

A hacky debugger UI for hackers

Labeless is a multipurpose IDA Pro plugin system for labels/comments synchronization with a debugger backend, with complex memory dumping and interactive Python scripting capabilities.

a lightweight, multi-platform, multi-architecture hook framework.

Windows rootkit designed to work with BYOVD exploits

Automated Hosting Information Hunting Tool - Windows 主机信息自动化狩猎工具

A Reflective Loader for macOS

A free but powerful Windows kernel research tool.

HookChain: A new perspective for Bypassing EDR Solutions

Dump cookies and credentials directly from Chrome/Edge process memory

A way to delete a locked file, or current running executable, on disk.

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by threat actors & those which have been incorporated into ope…

Events from all manifest-based and mof-based ETW providers across Windows 10 versions

The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples.

manual map unsigned driver over signed memory

js 代码反混淆

PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory.