Havoc is in an early state of release. Breaking changes may be made to APIs/core structures as the framework matures. …

laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source …
ropr is a blazing fast multithreaded ROP Gadget finder. What is a ROP Gadget? ROP (Return Oriented Programming) Gadgets are …
Get fresh Syscalls from a fresh ntdll.dll copy. This code can be used as an alternative to the already published …
A very rough work-in-progress adventure into learning Nim by cobbling resources together to create a shellcode loader that implements common …
A flexible tool that creates a minidump of the LSASS process. Features: It uses syscalls (with SysWhispers2) for most …
By Cas van Cooten (@chvancooten), with special thanks to Marcello Salvati (@byt3bl33der) and Fabian Mosch (@S3cur3Th1sSh1t). Description: Update: NimPackt-v1 is …
Nimcrypt2 is yet another PE packer/loader designed to bypass AV/EDR. It is an improvement on my original Nimcrypt project, with …
The idea is to “translate” Windows OS privileges to a path leading to: administrator, integrity and/or confidentiality threat, availability threat, …
ExecuteAssembly is an alternative to CS execute-assembly, built with C/C++ and it can be used to Load/Inject .NET assemblies by; …