GateSentinel 是一个现代化的 C2 (Command and Control) 框架，专为安全研究和渗透测试设计。该项目采用 Go 语言开发服务端，C 语言开发客户端，提供了强大的远程控制和管理功能。

Stack integrity verification to Detect SleepMask or CallStack Spoofer

Sanctum is a proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

about how to make a anti-virus engine

Execute dotnet app from unmanaged process

免杀远控木马源码整理开源(银狐 winos 大灰狼 gh0st) Rat

bluekrabsetw is a C++ library that simplifies interacting with ETW. bluekrabsetw originates from the krabsetw c++ library and seeks to improve and include capabilities that have not yet been includ…

Events from all manifest-based and mof-based ETW providers across Windows 10 versions

Go编写的多人运动渗透测试图形化框架、支持lua插件扩展、自定义多个模块、自定义shellcode、文件管理、进程管理、内存加载、反向代理等功能

Apt style exploitation of Chrome 0day CVE-2023-4357

云安全利用工具-云平台AK/SK-WEB利用工具，添加AK/SK自动检测资源，无需手动执行，支持云服务器、存储桶、数据库操作

A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.

Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver

微信客户端取证，可获取用户个人信息(昵称/账号/手机/邮箱/数据库密钥(用来解密聊天记录))；支持获取多用户信息，不定期更新新版本偏移，目前支持所有新版本、正式版本

Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.

Developing a more covert Remote Access Trojan (RAT) tool by leveraging Electron's features for command injection and combining it with remote control methods.

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

一个正向 HVNC / 适用于代理环境

Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post