Multilayered AV/EDR Evasion Framework

Demoting PPL anti-malware services to less than a guest user

A feature rich DLL injection library.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

windows rootkit

SysWhispers Shellcode Loader (Work in Progress)

.NET, PE, & Raw Shellcode Packer/Loader Written in Nim

Xeno-RAT is an open-source remote access tool (RAT) developed in C#, providing a comprehensive set of features for remote system management.

Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.

BlackLotus UEFI Windows Bootkit

Triple OS Malware development framework [ MacOS, Linux & Windows ]

利用物理内存映射，实现虚拟内存的伪隐藏

collection of apis used in malware development

A lightweight native DLL mapping library that supports mapping directly from memory

Nidhogg is an all-in-one simple to use rootkit for red teams.

UAC bypass for x64 Windows 7 - 11

Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs

Public variation of FOLIAGE ( original developer )

Botnet using a Go and Bootstrap Based C2, Support for Windows, Linux and Android Clients.

Former UEFI Firmware Rootkit Replicating MoonBounce / ESPECTRE

Public variation of Titan Loader

The encryption is randomized at every compilation and protected against default bruteforcing.

DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10

Remote Access Tool Written In C#