RedTeam
Red Team's SIEM - tool for Red Teams used for tracking and alerting on Blue Team activities as well as better usability in long-term operations.
Collection of C# projects. Useful for pentesting and red teaming.
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
Collection of PoC and offensive techniques used by the BlackArrow Red Team
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
Scan files or process memory for CobaltStrike beacons and parse their configuration
IATelligence is a Python script that will extract the IAT of a PE file and query GPT for more information about the imported APIs and the related ATT&CK techniques
Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting
A fake AMSI Provider which can be used for persistence.
Official Black Hat Arsenal Security Tools Repository
Executes shellcode from a remote server and aims to evade in-memory scanners
A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
Purpose-built Red Team network hardware implant made from common components.
Encrypting the heap while sleeping by hooking and replacing Sleep with our own sleep that encrypts the heap
Kernel Mode Driver for Elevating Process Privileges
Win32 and Kernel abusing techniques for pentesters
Interesting APT Report Collection And Some Special IOCs
Block any process from opening a HANDLE to your process; only SYSTEM is allowed to open a handle to your process, which lets you avoid remote memory scanners
Python based WinDbg script to automate the search for code caves in binaries and libraries.
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
A RunAs clone with the ability to specify the password as an argument.
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…
Malware Analysis Exercise Samples and Resources
Simple BOF to read the protection level of a process